CrowdStrike outage leaves millions of Windows 10 users stuck with Blue Screen of Death, here's how to fix it

A sensor update from CrowdStrike appears to have left millions of Windows 10 PCs unable to boot correctly, with many stuck on the Blue Screen of Death (BSOD) error screen. But Reddit users have suggested a temporary fix to resolve the glitch and end the bootloop

UNSPLASH | JOHNYVINO
Aaron Brown

By Aaron Brown


Published: 19/07/2024

- 15:16

Updated: 19/07/2024

- 16:35

If rebooting Windows upwards of 15x doesn't work, Reddit users have shared another workaround to fix the CrowdStrike error causing global IT carnage

  1. Boot Windows into Safe Mode or Recovery Environment
  2. Navigate to C:\Windows\System32\drivers\CrowdStrike directory
  3. Locate the file matching "C-00000291*.sys" and delete it
  4. Reboot Windows 10

Struggling to boot your Windows PC? You're not alone.

Millions of desktop PCs and laptops still reliant on Windows 10 — which will lose critical security patches from Microsoft in less than 14 months time — have been struck by the Blue Screen of Death (BSOD) error message. The same error also appears to impact newer versions of Microsoft's operating system, including Windows 11.


"It looks like Windows didn't load correctly. If you'd like to restart and try again, choose Restart my PC below," reads the error message, which is named after the trademark blue background. However, many Windows 10 users have reported being unable to reboot their PC — leaving them stuck on the recovery page.

Antivirus solution CrowdStrike acknowledged the issue on its website, posting: "CrowdStrike is aware of reports of crashes on Windows related to the Falcon Sensor. Symptoms include hosts experiencing a bugcheckblue screen error related to the Falcon Sensor. Our Engineering teams are actively working to resolve this issue and there is no need to open a support ticket."

CrowdStrike periodically updates its own software, known as sensors, which are deployed on Windows 10 machines to provide endpoint protection. However, the most recent update appears to have broken csagent.sys — causing havoc with millions of Windows PCs vital to infrastructure from airlines to train stations, banking apps from Santander and Lloyds TSB, Microsoft 365 applications, and more.

The US company, headquartered in Texas, has ruled out "a security incident or cyber attack".

If possible, it's best to wait for CrowdStrike to resolve the issue with an official patch — and that shouldn't be too long as it's confirmed that it's mobilised its teams to fix the error.

According to experts posting on X, formerly Twitter, restarting a Windows PC affected by the CrowdStrike glitch between 3 or 15 times consecutively can resolve the issue. Yes, really.

It might sound like a joke from Channel 4 comedy The IT Crowd, but a deployment specialist for the Windows operating system has claimed the reboots "is working on a large percentage of machines".

This is because Microsoft will allow the Windows 10 or Windows 11 operating system to connect online just long enough during the reboot process that it's able to ping the CrowdStrike servers and download an update that fixes the broken .sys file.

"Try rebooting over and over and over and over. Seriously," the expert posted.

Another popular trick that's gaining traction across Reddit, and has been endorsed as an official workaround by some of the teams inside CrowdStrike, suggests uses Microsoft's Safe Mode functionality which is built into all versions of the Windows operating system.

Discussed on a forum dedicated to IT System Administrators on the social news website Reddit, users with expert knowledge suggested a temporary fix to resolve the Blue Screen of Death error. According to Reddit users posting in /r/sysadmin, following these steps can fix the Windows 10 BSOD problem:

  1. Boot Windows into Safe Mode or Recovery Environment
  2. Navigate to C:\Windows\System32\drivers\CrowdStrike directory
  3. Locate the file matching "C-00000291*.sys", and delete it.
  4. Reboot Windows 10

According to Reddit users, booting into Safe mode w/ Networking for the above steps will ensure the broken file from CrowdStrike is auto-updated to a patched one with a newer timestamp as soon as it's available. However, this could take longer, and booting into Safe Mode lets you delete the troublesome file entirely for an immediate fix.

Comment
byu/Sorryboss from discussion
insysadmin

Calvin Gan, who works as a Scam Protection Strategy Senior Manager at Finnish security firm F-Secure, told GB News: "While CrowdStrike has provided a fix for devices which had not previously received the faulty update, machines that were impacted will need to have the faulty file manually removed in Windows Safe Mode and deleted before they’re able to be used.

"Incidents such as these, which can cause a global ripple effect, provide a stark reminder for companies to continuously plan and iterate a robust business continuity and disaster recovery plan."

If you're unsure about how to boot-up Windows 10 in Safe Mode, we've got detailed step-by-step instructions on how to enter this recovery mode from the Blue Screen Of Death error message.

To start the process, you're going to need to reboot your Windows 10 PC multiple times.

windows 10 blue screen of death boot in safe mode

As you've finished power cycling your Windows 10 PC, you'll be presented with this screen, which lets you begin the process of booting your machine in Safe Mode

MICROSOFT PRESS OFFICE

Start by holding down the power button for 10 seconds to turn off your machine, then as soon as it's off, press the power button again. When you spot signs of life from your device — this is usually the manufacturer's logo — hold down the power button for 10 seconds to turn off your device (again).

Press the power button again to turn on your device.

When Windows restarts, hold down the power button for 10 seconds to turn off your device, then press the power button again to turn on your device. After this continuous reboot process, known as "power cycling" by IT professionals, your device will fully restart and enter winRE mode.

This is a stripped-back interface with three options: Continue, Troubleshoot, and Turn Off Your PC. Each is a large tile with a simple icon. On the Choose an option screen, select Troubleshoot > Advanced options > Startup Settings > Restart.

After your device restarts (for the last time as part of this process, promise), you'll be presented with a list of new options. Select Option 5 from the list or press F5 on your keyboard for Safe Mode with Networking.

This will launch your Windows 10 machine in Safe Mode and allow you to follow the above steps to try to remove the latest CrowdStrike sensors update that's causing havoc with PCs worldwide.

You may like