A bug in a recent update of CrowdStrike Falcon caused thousands of systems across the world to crash with a BSOD. The worst part is that Windows refuses to boot correctly afterwards, displaying the same error message. CrowdStrike has apologized for the mess and is due to release a hotfix that is supposed to get the systems back to normal.
Bug in CrowdStrike Falcon Causes Blue Screens of Death Across the Globe
On July 18, 2024, CrowdStrike pushed out a minor update to its MDR system, Falcon. Shortly after the update reached customer systems, computers started crashing for no apparent reason. As it turned out, the update introduced a critical bug in the driver; Windows cannot handle it properly and consequently crashes. At first, customers and some analysts suspected a cyberattack, but it then became apparent that it is just a software bug. Well, not “just”, considering the scale.
The worst part of the whole story is that Falcon is a rather popular solution, used in quite a lot of organizations across the world. And, you guessed it right, the faulty update has jammed all the customers’ systems, with no apparent way to fix the issue. Among the companies that have reported issues related to the CrowdStrike Falcon bug are numerous airlines and airports, telecommunications companies, railways, and more. At the moment, the companies that have reported issues are as follows:
- Sky TV
- CBBC (BBC Children)
- Delhi Airport
- London Gatwick
- Telstra Group
- United Airlines
- Ryanair
- Edinburgh Airport
- Delta Airlines
- American Airlines
- Olympic Games systems
- London Stock Exchange
- Singapore Stock Exchange
- Virgin Australia
- SpiceJet
- Turkish Airlines
This list is, of course, incomplete, as there are many smaller companies that are experiencing problems but are less visible to the public. Some of the organizations mentioned managed to switch to manual operations, while others had no option but to sit idle.
CrowdStrike Publishes a Workaround
Considering the scale of the problems, CrowdStrike developers immediately went to work, reverting the update. The catch is that installing an update is not really possible, as the affected computers won’t even boot into Windows. To let companies access their systems for now, and install the fix once it is available, the developers shared a workaround.
To temporarily fix the mess, customers should boot into Windows Safe Mode or the Recovery Environment. These modes give access to the actual Windows system, or at least to its partitions, which is what the further steps require. There, users should open the C:\Windows\System32\drivers\CrowdStrike directory, find the file matching C-00000291*.sys in it, and delete this file. This is the faulty driver that causes all the issues. After that, the system should be able to boot up normally.
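The workaround above, as an added PowerShell example (not CrowdStrike's or this article's own script). It assumes a session where PowerShell is available, such as Safe Mode; the function name `Remove-FaultyFalconFile` and its parameters are hypothetical, while the directory and file pattern are the ones named in the workaround.

```powershell
# Added example: locate and remove the file named in the workaround.
# Function and parameter names are hypothetical; path and pattern come from the article.
function Remove-FaultyFalconFile {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Drive roots to inspect; defaults to every mounted file-system drive,
        # since an attached or offline Windows volume is not always C:.
        [string[]]$Root = (Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root }),
        [string]$Pattern = 'C-00000291*.sys'
    )

    foreach ($r in $Root) {
        $dir = Join-Path $r 'Windows\System32\drivers\CrowdStrike'
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            Write-Verbose "No CrowdStrike driver directory under $r"
            continue
        }

        $files = Get-ChildItem -LiteralPath $dir -Filter $Pattern -File -Force -ErrorAction SilentlyContinue
        foreach ($f in $files) {
            $removed = $false
            if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete file')) {
                try {
                    Remove-Item -LiteralPath $f.FullName -Force -ErrorAction Stop
                    $removed = $true
                } catch {
                    Write-Warning "Could not delete $($f.FullName): $($_.Exception.Message)"
                }
            }
            # One record per matching file, so the result can be logged or exported.
            [pscustomobject]@{
                Path         = $f.FullName
                LastWriteUtc = $f.LastWriteTimeUtc
                SizeBytes    = $f.Length
                Removed      = $removed
            }
        }
    }
}

# Dry run first: lists what would be deleted without touching anything.
Remove-FaultyFalconFile -WhatIf
# Then delete for real, skipping the per-file confirmation prompt:
# Remove-FaultyFalconFile -Confirm:$false
```

Only files matching the pattern inside that one directory are touched; everything else in the CrowdStrike folder is left in place.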
Potential Impact
The scale of the bug is, obviously, impossible to ignore; this situation is unlikely to be forgiven and forgotten. All the huge companies that were forced to sit idle, losing money and time, will likely ask for some kind of compensation. And this, together with yet another stain on its reputation, is what is pushing CrowdStrike's share price down at the moment. As of 5:30 ET, $CRWD is down almost 20% from yesterday’s closing price, losing $70 of its share price.
One more thing such a massive outage should encourage is having a quick remedy available for a situation like this. What should allow companies to get past the BSODs quickly and back to normal is backups. Restoring from them will take some time, too, but that’s nothing compared to the manual intervention on every single machine that the workaround requires.