Earlier today, the Microsoft outage made headlines as several industries were affected by it, including airlines and hospitals. Millions of users on their work and personal computers and laptops were unable to access Microsoft 365 apps and services, and several saw the Blue Screen of Death (BSOD) error on their systems. While Microsoft and the Indian Computer Emergency Response Team (CERT-In) addressed the issue, CrowdStrike (the firm that pushed the update that resulted in the outage) was yet to fully clarify the error. Now, the CEO of CrowdStrike has come up with an official statement addressing the outage. The company has also shared some steps to fix the issue.
What does CrowdStrike have to say about the outage?
George Kurtz, President and CEO of CrowdStrike, said that a single content update for Windows hosts impacted users’ Windows PCs, and the company has deployed a fix.
“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers,” stated George Kurtz on X (formerly Twitter).
Here’s CrowdStrike’s fix to the error
CrowdStrike recommends you follow the steps below for individual hosts.
Step 1: Boot into Safe Mode or the Windows Recovery Environment.
Step 2: Then navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
Step 3: Look for the file matching “C-00000291*.sys” and delete it.
Step 4: Then, boot your PC in the normal mode and it should start.
Here are the steps you need to follow for public cloud or similar environments, including virtual ones.
Step 1: Detach the operating system disk volume from the impacted virtual server.
Step 2: Create a snapshot or backup of the disk volume before proceeding further as a precaution against unintended changes.
Step 3: Attach/mount the volume to a new virtual server.
Step 4: Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
Step 5: Locate the file matching “C-00000291*.sys”, and delete it.
Step 6: Detach the volume from the new virtual server.
Step 7: Reattach the fixed volume to the impacted virtual server.
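Steps 4 and 5 of the cloud procedure can be scripted on the new virtual server. The PowerShell below is an added example, not CrowdStrike's or Microsoft's code; it assumes the impacted volume is attached under the drive letter passed as -VolumeRoot (a hypothetical parameter name), which on the new server will normally not be C:.

```powershell
# Added example for steps 4-5 of the cloud procedure; run on the new virtual server.
# Assumption: -VolumeRoot is the drive letter the impacted OS volume was attached as.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[A-Za-z]:\\?$')]
    [string]$VolumeRoot,

    # File pattern as given in the steps above.
    [string]$Pattern = 'C-00000291*.sys'
)

$ErrorActionPreference = 'Stop'

# Directory from the steps above, relative to the attached volume instead of C:.
$driverDir = Join-Path $VolumeRoot 'Windows\System32\drivers\CrowdStrike'
if (-not (Test-Path -LiteralPath $driverDir -PathType Container)) {
    throw "Directory not found: $driverDir (check that the volume is attached)"
}

$targets = @(Get-ChildItem -LiteralPath $driverDir -Filter $Pattern -File -Force)
if ($targets.Count -eq 0) {
    Write-Output "No file matching $Pattern in $driverDir; nothing to do."
    return
}

foreach ($file in $targets) {
    # Record what is removed so the change can be audited later.
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    Write-Output ("{0}  {1} bytes  modified {2:u}  SHA256 {3}" -f `
        $file.FullName, $file.Length, $file.LastWriteTimeUtc, $hash)

    # -WhatIf lists the match without deleting; otherwise each delete is confirmed.
    if ($PSCmdlet.ShouldProcess($file.FullName, "Delete file matching $Pattern")) {
        Remove-Item -LiteralPath $file.FullName -Force
    }
}

# Confirm nothing matching the pattern remains before detaching the volume.
$left = @(Get-ChildItem -LiteralPath $driverDir -Filter $Pattern -File -Force)
Write-Output ("Remaining matches: {0}" -f $left.Count)
```

Saved under a name of your choosing, the script can be run with -WhatIf first to list the matching files and their hashes without deleting anything.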
CrowdStrike is a cybersecurity firm that offers cloud-based security solutions to businesses. Its Falcon sensor caused Windows to crash and show a Blue Screen of Death (BSOD).
A bit late, but Microsoft’s CEO Satya Nadella also shared the following statement.
“Yesterday, CrowdStrike released an update that began impacting IT systems globally. We are aware of this issue and are working closely with CrowdStrike and across the industry to provide customers technical guidance and support to safely bring their systems back online.”