CrowdStrike update causing BSOD for computers running Microsoft Windows

In this blog, we will discuss the recent global Windows outage caused by a CrowdStrike update leading to BSOD errors and a Microsoft Azure configuration change. We’ll cover the impact on various sectors and provide remediation tips to help affected users recover.

Manoj Korekka, Senior Cyber Security Analyst of Cognisys


19th July 2024

The tech world is reeling from a widespread outage affecting Windows systems globally. This incident, which began on Thursday evening, has caused significant disruptions across various sectors, including media outlets, airlines, banks, and even emergency services. The root causes appear to be twofold: a problematic update from cyber security firm CrowdStrike and a configuration change in Microsoft Azure’s backend workloads.

CrowdStrike issue

CrowdStrike, a major player in the cyber security industry, acknowledged widespread reports of Blue Screen of Death (BSOD) errors on Windows hosts. The issue seems to stem from their csagent.sys driver, affecting multiple sensor versions. Users have reported various error messages, including:

  • PAGE_FAULT_IN_NON_PAGED_AREA
  • CRITICAL_PROCESS_DIED
  • SYSTEM_THREAD_EXCEPTION_NOT_HANDLED

The scope of this problem is extensive, with reports coming in from the United States, European Union, Australia, New Zealand, India, and the Czech Republic. One user on Reddit claimed their organisation, with over 50,000 devices, was entirely affected.

CrowdStrike has identified and reverted the problematic content deployment. For affected users, they recommend the following workaround:

  • Boot into Safe Mode or Windows Recovery Environment
  • Navigate to C:\Windows\System32\drivers\CrowdStrike
  • Delete the file(s) matching C-00000291*.sys
  • Reboot normally
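The workaround above is a manual, per-host procedure. The following PowerShell script is an added example (not code from the original post or from CrowdStrike) that applies the same steps from an elevated session: it checks the driver directory named in the post, lists every file matching C-00000291*.sys with its size and timestamp, deletes those files, and writes a log of what it did. The -SystemDrive and -LogPath parameters and the Write-Log helper are assumptions introduced here so the script can target an offline volume mounted under a different drive letter from WinRE.

```powershell
# Added example, not from the original post or from CrowdStrike.
# Applies the published workaround: delete C-00000291*.sys from the
# CrowdStrike driver directory, then reboot normally.
# -SystemDrive (assumed parameter): drive letter of the affected Windows
#   volume; from WinRE the OS volume is often not C:.
# -LogPath (assumed parameter): where to record what was found and removed.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$SystemDrive = 'C:',
    [string]$LogPath     = (Join-Path $env:TEMP 'crowdstrike-remediation.log')
)

# Directory and file pattern are the ones given in the post.
$driverDir = Join-Path $SystemDrive 'Windows\System32\drivers\CrowdStrike'
$pattern   = 'C-00000291*.sys'

function Write-Log {
    # Timestamped line to both the console and the log file.
    param([string]$Message)
    $line = '{0:u} {1}' -f (Get-Date), $Message
    Add-Content -LiteralPath $LogPath -Value $line
    Write-Host $line
}

if (-not (Test-Path -LiteralPath $driverDir)) {
    Write-Log "Driver directory not found at $driverDir; nothing to do."
    return
}

# Only regular files, only the problematic channel-file pattern.
$channelFiles = @(Get-ChildItem -LiteralPath $driverDir -Filter $pattern -File -ErrorAction Stop)
if ($channelFiles.Count -eq 0) {
    Write-Log "No files matching $pattern in $driverDir; this host does not need the workaround."
    return
}

foreach ($file in $channelFiles) {
    # Record size and last-write time before removal so the change is auditable.
    Write-Log ('Found {0} ({1} bytes, written {2:u})' -f $file.Name, $file.Length, $file.LastWriteTimeUtc)

    # ShouldProcess honours -WhatIf / -Confirm, so the script can be dry-run first.
    if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete channel file')) {
        try {
            Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
            Write-Log "Deleted $($file.FullName)"
        } catch {
            Write-Log "Failed to delete $($file.FullName): $($_.Exception.Message)"
        }
    }
}

Write-Log 'Finished. Reboot the host normally.'
```

Run it first with `-WhatIf` to see which files would be removed without touching anything, then without it to apply the change. From WinRE, pass the letter the Windows volume is actually mounted under (for example `-SystemDrive D:`); a BitLocker-protected volume must be unlocked with its recovery key before the directory is reachable. The log file gives the ticket a record of exactly which channel files were present and removed on each host.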

Microsoft Azure configuration change

Concurrent with the CrowdStrike issue, Microsoft reported a large-scale outage with Azure. The problem originated from a configuration change in Azure backend workloads, disrupting connections between storage and compute resources. This interruption cascaded to various Microsoft 365 services, causing:

  • User access problems
  • Functionality limitations across platforms such as PowerBI, Microsoft Fabric, Teams, Admin Center, Microsoft Purview, and Viva Engage

Some services, including Microsoft Defender, Intune, OneNote, OneDrive for Business, SharePoint Online, and Windows 365, have reportedly recovered. However, others remain in a degraded state, either operating in read-only mode, experiencing delays in processing events, or completely inaccessible.

Global impact

The combined effect of these issues has been staggering:

  • Commercial flights grounded due to information screen failures at airports worldwide
  • UK’s Sky News TV channel went offline
  • Cellular networks like Verizon experienced server problems
  • 911 emergency operators faced outages

Microsoft’s response

Microsoft has stated that they are treating this event with the highest priority. They are actively working to mitigate the impact and have committed to providing regular updates. The next update is expected by July 19, 2024, at 7:30 AM UTC.

For users experiencing issues, Microsoft recommends either following CrowdStrike’s workaround or waiting for further updates from their team.

Keep up-to-date with all upcoming announcements here

Latest update for fixing the issue

A simple Group Policy Object (GPO) that automatically applies the fix for the CrowdStrike BSOD (Blue Screen of Death) issue; learn more here.
