CrowdStrike Update Pushing Windows Machines Into a Blue Screen Of Death (BSOD)

July 19, 2024 News

A recent update to the CrowdStrike Falcon sensor is causing major problems for Windows users worldwide, leading to blue screen of death (BSOD) loops and making systems unusable.

Starting on July 19, 2024, this issue affects Windows 10 and 11 systems running CrowdStrike's endpoint security software.

Users are encountering repeated BSODs with the error message "DRIVER_OVERRAN_STACK_BUFFER," preventing normal system boot and operation.

CrowdStrike has acknowledged the problem, stating they are “aware of reports of crashes on Windows hosts related to the Falcon Sensor” and that their engineering teams are working to resolve the issue.

The company is advising affected users against submitting individual support tickets at this time. The update has notably impacted enterprise customers, with some organizations reporting that thousands of devices, including crucial production servers and SQL nodes, are affected.

IT departments are actively trying to address the issue, with some choosing to remove CrowdStrike files from the affected systems to restore functionality.

This situation highlights the risks associated with automatic updates for security software, especially in large-scale enterprise settings.

There are now calls from affected users for stricter testing protocols and staged rollout strategies to avoid similar issues in the future.

Identifying Affected Systems

For those concerned about whether their systems are affected, there are several ways to check:

  1. Boot into Safe Mode and check the CrowdStrike Falcon sensor version. The problematic update seems to be affecting various sensor versions, including version 6.58.
  2. Check the installation date of the CrowdStrike Falcon sensor. If it coincides with the onset of BSOD issues (around July 19, 2024), it’s likely to be the cause.
  3. Look for the specific BSOD error message “DRIVER_OVERRAN_STACK_BUFFER,” which is associated with this issue.

While CrowdStrike works on a permanent fix, some users have reported success with the following workaround:

  1. Boot Windows into Safe Mode or the Windows Recovery Environment
  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
  3. Locate the file matching “C-00000291*.sys” and delete it
  4. Boot the host normally

It’s important to note that this workaround has not been officially verified. Users should proceed with caution and await official guidance from CrowdStrike.
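
The workaround steps above as an added PowerShell example, not code from CrowdStrike or from the original article: it records name, size, timestamp and SHA-256 of each matching file before deleting it. The function name Remove-FalconFile291 and the parameter DriverDir are hypothetical; it assumes an elevated PowerShell prompt in Safe Mode.

```powershell
# Added example (hypothetical helper, not vendor code).
function Remove-FalconFile291 {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Directory named in the workaround; override if the OS volume has another letter.
        [string]$DriverDir = 'C:\Windows\System32\drivers\CrowdStrike'
    )

    if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
        Write-Warning "Directory not found: $DriverDir"
        return
    }

    # File pattern from the workaround: C-00000291*.sys
    $found = @(Get-ChildItem -LiteralPath $DriverDir -Filter 'C-00000291*.sys' -File -Force)
    if ($found.Count -eq 0) {
        Write-Output "No file matching C-00000291*.sys in $DriverDir"
        return
    }

    foreach ($file in $found) {
        # Capture what is about to be removed so the change can be documented afterwards.
        $record = [pscustomobject]@{
            Name         = $file.Name
            Bytes        = $file.Length
            LastWriteUtc = $file.LastWriteTimeUtc.ToString('u')
            SHA256       = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            Removed      = $false
        }
        # With -WhatIf nothing is deleted; otherwise each file asks for confirmation.
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete')) {
            Remove-Item -LiteralPath $file.FullName -Force -Confirm:$false -ErrorAction Stop
            $record.Removed = $true
        }
        $record
    }
}

# Dry run first: lists matches and hashes, deletes nothing.
Remove-FalconFile291 -WhatIf
```

Run the function again without -WhatIf to perform the deletion, then boot the host normally as in step 4.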

Reported IT disruptions by country:

- Australia: Media, airlines, supermarkets, banks, and hospitals impacted.

- Belgium: Train ticket sales, digital announcements, media, banks, airports, and government services disrupted.

- Canada: TD Canada Trust app and Vancouver International Airport affected.

- China: Widespread blue screens, some businesses allowed early dismissal.

- Croatia: Health information system and air traffic control issues.

- Czech Republic: Prague Airport affected.

- France: TV channels and Paris Olympics systems disrupted.

- Germany: Berlin Airport halted flights, Lufthansa affected, hospital operations canceled.

- Hungary: Budapest Airport issues.

- Hong Kong: Airport check-in delays, airline booking systems down.

- India: Major airlines and IT firms impacted.

- Israel: Emergency services, hospitals, and banks affected.

- Japan: Spring Japan airline experiencing issues.

- Malaysia: KTMB railway ticketing system issues.

- Netherlands: Schiphol airport, banks, and medical services disrupted.

- New Zealand: Banks, supermarkets, Auckland Transport, and Christchurch Airport were affected.

- Philippines: Major banks, telecommunications, airlines, and government websites down.

- South Africa: Banking issues.

- South Korea: Jeju Air is experiencing issues.

- Singapore: Changi Airport delays, various service disruptions.

- Spain: National airport traffic control IT outage.

- Switzerland: Zurich Airport halted landings.

- United Kingdom: News channels, airports, rail companies, NHS, and various services disrupted.

- United States: Airline ground stops, 911 service disruptions, Microsoft and CrowdStrike shares dropped.
