How to fix CrowdStrike BSODs in three minutes — fix requires manual changes, but they are simple

If your machines have been impacted by the recent CrowdStrike outage, then this is the how-to for you. Users across the globe have been impacted by the infamous Blue Screen of Death (BSoD), triggered by CrowdStrike’s update of its Falcon Sensor application. An application designed to protect your machines from malicious threats is now the source of one of the largest outages in recent memory. Below we have instructions that can fix the issue in just a few moments.

The official fix, as detailed below, comes from CrowdStrike and effectively sees us regressing the update to a previous working state. Whether this will be automated in the future remains to be seen. 

If you have been affected by the CrowdStrike outage, here are the steps to fix it. Note that these steps must be completed for every affected machine. At the time of writing, no automated service can do this, so your sysadmin or IT support team will be busy for the next few days.

1. Boot your Windows system into safe mode or the Windows Recovery Environment (winRE)by first powering up your machine until a manufacturer’s logo is visible. Press and hold the power button for ten seconds to turn off the machine. Repeat this process once more
2. Press the power button again to power up and the machine will boot to the winRE.
3. From the option menu select Troubleshoot >> Advanced Options >> Startup Settings >> Restart.
4. Select option 5 or press F5 to restart the machine in safe mode with Networking.
5. Wait for the machine to boot into the safe mode desktop.
6. Open the File Manager and navigate to C:\Windows\System32\drivers\CrowdStrike
7. Look for and delete any files that match the pattern “C-00000291*.sys”
8. Reboot as normal.

You should now be able to boot into and use your Windows PC as normal.

The IT world is currently reeling from this outage, with many questioning how this issue made it to production, when it should’ve been tested before release. This outage may also force companies to add a staging step to their update management policies, testing the updates in an isolated environment before they are pushed live.