Crowdstrike Windows outage 2024 and how to quickly fix it

Overview of CrowdStrike’s Products and Services

CrowdStrike is a leading name in the cybersecurity industry, renowned for its comprehensive and advanced security solutions. Here’s a detailed overview of CrowdStrike’s products and services:

Endpoint and Cloud Workload Protection

CrowdStrike Falcon is the flagship product, offering robust protection for endpoints and cloud workloads. Using artificial intelligence and machine learning, Falcon can detect and prevent threats in real time, providing unmatched security for organizations. This product is essential for businesses looking to safeguard their data and systems from sophisticated cyberattacks.

Threat Intelligence Services

CrowdStrike offers a suite of threat intelligence services that keep organizations informed about the latest cyber threats and vulnerabilities. By providing timely and actionable intelligence, these services help businesses enhance their security defenses and prepare for potential threats. Organizations can stay one step ahead of cybercriminals with CrowdStrike’s detailed reports and insights.

Cyber Incident Response

When a cyberattack occurs, CrowdStrike’s Cyber Incident Response team steps in to investigate and mitigate the damage. Their experts are skilled at identifying the source of attacks, containing the threats, and helping organizations recover quickly. This service is crucial for minimizing the impact of cyber incidents and restoring normal operations.

Managed Security Services

For organizations needing continuous monitoring and expert management of their security infrastructure, CrowdStrike provides managed security services. These services include 24/7 monitoring, threat hunting, and response activities performed by experienced cybersecurity professionals. This ensures that businesses are protected around the clock, even as cyber threats evolve.

The Recent CrowdStrike Windows Outage 2024

In July 2024, CrowdStrike faced a significant challenge when a faulty update to their security software led to a global outage affecting numerous Windows computers. This incident disrupted operations across various sectors and highlighted the importance of rigorous update testing and swift resolution mechanisms.

The Cause of the Outage

The outage was triggered by an update to CrowdStrike’s security software that resulted in computers being unable to boot properly. The specific issue was linked to a problematic file, C-00000291*.sys, which caused system failures and prevented normal startup processes.

Impact on Users

The faulty update had widespread repercussions, affecting thousands of users globally. Many organizations experienced significant downtime, leading to operational disruptions and potential financial losses. The incident underscored the critical role of cybersecurity solutions in maintaining business continuity.

Steps to Fix the Issue

To resolve the boot issues caused by the faulty update, CrowdStrike provided a clear set of instructions for affected users:

1. Boot Windows into Safe Mode or Windows Recovery Environment (WRE): This step ensures that the system can start with minimal drivers and services, allowing for troubleshooting.
2. Navigate to the File Location: Users were instructed to go to C:\Windows\System32\drivers\CrowdStrike.
3. Delete the Problematic File: Locate and delete the file matching C-00000291*.sys.
4. Reboot Normally: After deleting the file, users could reboot their computers normally.

It was also advised that users with Bitlocker-encrypted drives should temporarily remove the encryption to facilitate the deletion process and then re-encrypt their drives afterward.

CrowdStrike’s Response

CrowdStrike acted swiftly to address the issue, providing detailed instructions and support to affected users. The company issued an apology and committed to improving their update processes to prevent similar incidents in the future. Their prompt response and transparent communication were crucial in maintaining customer trust and mitigating the impact of the outage.

Lessons Learned

The 2024 outage served as a reminder of the importance of rigorous testing for software updates and the need for robust incident response strategies. It also highlighted the resilience of CrowdStrike in managing crises and reinforcing their commitment to customer service and cybersecurity excellence.

This incident, while challenging, ultimately reinforced CrowdStrike’s dedication to providing top-tier cybersecurity solutions and their ability to navigate and resolve complex issues effectively.

How to Fix CrowdStrike Windows Boot Issues

If you’re experiencing boot issues on your Windows computer due to a recent CrowdStrike update, you’re not alone. This guide will walk you through the steps to resolve the problem quickly and efficiently. Follow these instructions to get your system up and running smoothly again.

Step 1: Boot Windows into Safe Mode or Windows Recovery Environment (WRE)

To begin the fix, you need to boot your computer into Safe Mode or the Windows Recovery Environment (WRE). This allows you to access system files without interference from problematic drivers or services.

How to Boot into Safe Mode:

1. Restart your computer.
2. Press F8 (or Shift + F8) before the Windows logo appears.
3. Select “Safe Mode” from the Advanced Boot Options menu.

How to Boot into WRE:

1. Restart your computer.
2. Interrupt the boot process by turning off the computer when the Windows logo appears. Do this three times.
3. On the fourth boot, Windows will enter the Recovery Environment.
4. Select “Troubleshoot” > “Advanced options” > “Startup Settings” > “Restart.”
5. Press F4 to boot into Safe Mode.

Step 2: Navigate to the CrowdStrike Driver Folder

Once in Safe Mode or WRE, navigate to the folder containing the problematic CrowdStrike driver file.

1. Open File Explorer.
2. Go to C:\Windows\System32\drivers\CrowdStrike.

Step 3: Locate and Delete the Problematic File

In the CrowdStrike folder, look for a file named C-00000291*.sys.

1. Identify the file matching C-00000291*.sys.
2. Right-click the file and select “Delete.”

Step 4: Remove Bitlocker Encryption (If Applicable)

If your hard drive is encrypted with Bitlocker, you will need to temporarily disable the encryption to delete the file.

1. Open the Control Panel.
2. Go to “System and Security” > “Bitlocker Drive Encryption.”
3. Select “Turn off Bitlocker” for the affected drive.
4. After resolving the issue, re-enable Bitlocker encryption.

Step 5: Reboot Normally

After deleting the problematic file, restart your computer normally. Your system should now boot without any issues.

1. Click “Start.”
2. Select “Restart.”
3. Allow the computer to reboot normally.

Conclusion

By following these steps, you can resolve the CrowdStrike-induced boot issues and restore normal functionality to your Windows computer. This straightforward process involves booting into Safe Mode or WRE, deleting a specific driver file, and rebooting your system. If your drive is Bitlocker-encrypted, remember to disable and re-enable encryption as needed.

For any further assistance, CrowdStrike’s support team is available to help you through the process and ensure your system remains secure and operational.