Following the global Windows outage caused by CrowdStrike’s botched update, IT admins are turning to a workaround provided by the cybersecurity firm.
Booting Windows into Safe Mode prevents CrowdStrike’s kernel-level driver from loading, allowing admins to delete the faulty driver. It’s currently the best solution for devices with a Blue Screen of Death error.
Here’s how to implement the workaround:
- Boot Windows into Safe Mode/the Windows Recovery Environment.
- Go to the C:\Windows\System32\drivers\CrowdStrike directory.
- Find the file matching “C-00000291*.sys” and delete it.
- Boot the host.
It’s worth noting that in most cases this workaround requires admins to have physical access to the affected machine. Lack of admin rights or disk encryption could also complicate things.
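The steps above as a batch script for the Safe Mode or recovery command prompt. This is an added example, not CrowdStrike's own tooling or part of the original article; the drive-letter scan is an assumption added because the recovery environment does not always mount the Windows volume as C:.

```batch
@echo off
setlocal
rem Added example: find and delete the faulty file named in the workaround.
rem Run from an elevated prompt in Safe Mode, or from the WinRE command prompt.
rem Assumption: the Windows volume may be mounted under a letter other than C:
rem in the recovery environment, so a handful of drive letters are checked.
rem A BitLocker-protected volume must be unlocked with its recovery key first
rem (for example with manage-bde -unlock), otherwise nothing will be found.

set "REL=Windows\System32\drivers\CrowdStrike"
set "PATTERN=C-00000291*.sys"
set "DELETED=0"
set "FAILED=0"

for %%D in (C D E F G H) do (
    if exist "%%D:\%REL%\%PATTERN%" (
        echo Found matching file^(s^) on %%D:
        rem Show name, size and last-write time before removal, for the record.
        dir /a /t:w "%%D:\%REL%\%PATTERN%"
        del /f /q "%%D:\%REL%\%PATTERN%"
        rem Verify the delete instead of trusting the exit code of del.
        if exist "%%D:\%REL%\%PATTERN%" (
            echo ERROR: file^(s^) still present on %%D: - check admin rights.
            set "FAILED=1"
        ) else (
            echo Deleted from %%D:\%REL%
            set "DELETED=1"
        )
    )
)

if "%FAILED%"=="1" exit /b 2
if "%DELETED%"=="0" (
    echo No file matching %PATTERN% was found on drives C-H.
    echo If the disk is encrypted, unlock it and run this again.
    exit /b 1
)
echo Done. Reboot the host.
exit /b 0
```

The exit code distinguishes "nothing found" (1) from "found but could not delete" (2), which helps when the script is run across many machines and the results are collected afterwards.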
Of course, admins could wait for the fix from CrowdStrike, but this is taking its time as millions of machines attempt to connect to the company’s update servers simultaneously.
Alternative Fixes for Windows Blue Screen of Death Error
Some admins are simply rebooting machines repeatedly in the hope that the update will kick in before the CrowdStrike protection engine initializes and causes the dreaded Blue Screen of Death error. Turning devices off and on again certainly seems to be resolving the issue for some, but there are no guarantees.
Boot loop will eventually fix it. The network stack is loading and contacting Crowdstrike update before the BSoD it seems, but this depends on the load on the CDN as well. Can solve itself after 3 reboots, could take 15 or more.
— Chris Roberts (@young_robbo) July 19, 2024
For businesses running virtual desktops, it might be worth restoring affected hosts to a point before the botched update did any damage.
For everyone else, the CrowdStrike workaround is currently the best option out there.