Fixing the Blue Screen of Death

A Microsoft outage that started during the evening of 18 July crippled airlines, financial services, health-care and many energy companies across the world, resulting for many in a "blue screen of death" on their work computers.  In response, Microsoft on Saturday released a recovery tool to help repair Windows machines affected by the bug, a day after CrowdStrike provided instructions for how to fix a crashed PC.

CrowdStrike, a cybersecurity firm whose software protects small businesses and large companies from cyberattacks and other online threats, said it caused the outage when it sent out a software update with a glitch, crashing Windows computers running the company's software.  The bug does not affect Mac and Linux computers.  "We understand the gravity of this situation and are deeply sorry for the inconvenience and disruption," the company said in a statement.[1]

The fallout has been massive.  Airport travelers have been stranded. Hospital appointments have been delayed or canceled.  And employees have been unable to work, all because of this software update, which has caused the infamous blue screen of death on Windows PCs with the CrowdStrike glitch.  Now, while most people simply have to wait for the issue to be solved, if you're on the other side of the problem, and you're the one dealing with the blue screen of death on your PC, there is a fix, which CrowdStrike itself has posted on its website.

How to fix your Microsoft Windows PC impacted by the CrowdStrike bug

Microsoft on Saturday released on its Microsoft Download Center a USB tool that it said can help IT administrators with the repair process.  The tool requires you to have administrative privileges and a BitLocker recovery key for each Windows PC.  Microsoft also posted recovery steps to fix PCs continually restarting because of the faulty CrowdStrike update.

On 19 July, CrowdStrike said it has identified the issue and has sent out a fix.  "We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website."

The first thing you should try to solve the blue screen of death is to restart your Windows computer until CrowdStrike's fix comes through.  CrowdStrike on Friday appeared on NBC's "Today" show and said, "Many of the customers are rebooting the system and it's coming up operational because we fixed it on our end."  This has in fact worked for many people.  One user on X had success after rebooting their computers several times.  Microsoft has also said that it has received feedback that several reboots (as many as 15) have been effective.  However, if you're still having issues even after rebooting, CrowdStrike recommends booting up into Safe Mode and then deleting the corrupted file.  This is what the company details on the CrowdStrike website:

  • Boot your Windows computer into Safe Mode or the Windows Recovery Environment.
  • Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory.
  • Locate the file matching "C-00000291*.sys" and delete it.
  • Boot the host normally.
  • Note: BitLocker-encrypted hosts may require a recovery key.

 

If you're dealing with a public cloud or another virtual environment, there's a different fix for you that CrowdStrike recommends, which you can check out over at its website.

This article is shared at no charge for educational and informational purposes only.

We’d like to thank Fortinet Labs for this great report.  Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://register.gotowebinar.com/register/5378972949933166424

[1] https://www.msn.com/en-ph/news/technology/how-to-fix-your-windows-pc-affected-by-the-crowdstrike-outage-blue-screen-of-death/ar-BB1qiesZ/
