CrowdStrike update causing BSOD for computers running Microsoft Windows
In this blog, we will discuss the recent global Windows outage, which was caused by a CrowdStrike update that led to BSOD errors and by a Microsoft Azure configuration change. We'll cover the impact on various sectors and provide remediation tips to help affected users recover.
Manoj Korekka
19th July 2024
The tech world is reeling from a widespread outage affecting Windows systems globally. This incident, which began on Thursday evening, has caused significant disruptions across various sectors, including media outlets, airlines, banks, and even emergency services. The root causes appear to be twofold: a problematic update from cyber security firm CrowdStrike and a configuration change in Microsoft Azure’s backend workloads.
CrowdStrike issue
CrowdStrike, a major player in the cyber security industry, acknowledged widespread reports of Blue Screen of Death (BSOD) errors on Windows hosts. The issue seems to stem from their csagent.sys driver, affecting multiple sensor versions. Users have reported various error messages, including:
- PAGE_FAULT_IN_NON_PAGED_AREA
- CRITICAL_PROCESS_DIED
- SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
The scope of this problem is extensive, with reports coming in from the United States, European Union, Australia, New Zealand, India, and the Czech Republic. One user on Reddit claimed their organisation, with over 50,000 devices, was entirely affected.
CrowdStrike has identified and reverted the problematic content deployment. For affected users, they recommend the following workaround:
- Boot into Safe Mode or Windows Recovery Environment
- Navigate to C:\Windows\System32\drivers\CrowdStrike
- Delete the file C-00000291*.sys
- Reboot normally
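The workaround above as a script, for hosts that can reach Safe Mode with an elevated PowerShell prompt. This is an added example, not CrowdStrike's or Microsoft's tooling; the parameter names and the default of resolving the directory through %SystemRoot% are assumptions, and -WhatIf lists the matching files without deleting them.

```powershell
# Added example: removes the file named in CrowdStrike's workaround.
# Run from an elevated PowerShell prompt in Safe Mode; add -WhatIf for a dry run.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumption: Windows lives where %SystemRoot% points (C:\Windows on the page).
    [string]$DriverDir = (Join-Path $env:SystemRoot 'System32\drivers\CrowdStrike'),
    # File pattern taken from the workaround steps.
    [string]$Pattern = 'C-00000291*.sys'
)

Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
    Write-Warning "Directory not found: $DriverDir"
    exit 2
}

# -Force also returns hidden or system files; @() keeps .Count valid for 0 or 1 match.
$targets = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File -Force)
if ($targets.Count -eq 0) {
    Write-Output "No files matching $Pattern in $DriverDir; nothing to do."
    exit 0
}

$failed = 0
foreach ($file in $targets) {
    # Record name, timestamp, size and hash before removal, for the change log.
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    Write-Output ("{0}  {1:u}  {2} bytes  SHA256={3}" -f `
        $file.Name, $file.LastWriteTimeUtc, $file.Length, $hash)

    if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete')) {
        try {
            Remove-Item -LiteralPath $file.FullName -Force
        } catch {
            $failed++
            Write-Warning "Could not delete $($file.FullName): $_"
        }
    }
}

if ($failed -gt 0) { exit 1 }
if (-not $WhatIfPreference) {
    Write-Output 'Matching files removed. Reboot normally to finish the workaround.'
}
```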
Microsoft Azure configuration change
Concurrent with the CrowdStrike issue, Microsoft reported a large-scale outage with Azure. The problem originated from a configuration change in Azure backend workloads, disrupting connections between storage and compute resources. This interruption cascaded to various Microsoft 365 services, causing:
- User access problems
- Functionality limitations across platforms such as PowerBI, Microsoft Fabric, Teams, Admin Center, Microsoft Purview, and Viva Engage
Some services, including Microsoft Defender, Intune, OneNote, OneDrive for Business, SharePoint Online, and Windows 365, have reportedly recovered. However, others remain in a degraded state, either operating in read-only mode, experiencing delays in processing events, or completely inaccessible.
Global impact
The combined effect of these issues has been staggering:
- Commercial flights grounded due to information screen failures at airports worldwide
- UK’s Sky News TV channel went offline
- Cellular networks like Verizon experienced server problems
- 911 emergency operators faced outages
Microsoft’s response
Microsoft has stated that they are treating this event with the highest priority. They are actively working to mitigate the impact and have committed to providing regular updates. The next update is expected by July 19, 2024, at 7:30 AM UTC.
For users experiencing issues, Microsoft recommends either following CrowdStrike’s workaround or waiting for further updates from their team.
Keep up-to-date with all upcoming announcements here
Latest update for fixing the issue
A simple Group Policy (GPO) is available to automatically fix the CrowdStrike BSOD (Blue Screen of Death) issue; learn more here.