Update: CrowdStrike announced a workaround to get Windows machines out of the recovery boot loop. The steps are at the end of the story.
The Blue Screen of Death is impacting thousands of Windows machines today, as a faulty update from cybersecurity provider CrowdStrike is forcing those machines into a recovery boot loop, so they can’t start properly.
As reported by The Verge, the issue first affected Australian banks, airlines, and TV broadcasters, but it spread to Europe as the business day started. Among the companies affected, Ryanair had issues with a “third-party IT” impacting flight departures, the FAA is assisting American airlines due to communication issues, Berlin airport is also having difficulties, and so on.
On X, CrowdStrike CEO George Kurtz said the company was aware of this issue: “CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack.”
Even though the issue seems to have been identified and a fix has been deployed, it seems IT admins will have a busy day. According to The Verge, the “root cause appears to be an update to the kernel level driver that CrowdStrike uses to secure Windows machine.” While CrowdStrike has reverted the faulty update, the revert doesn’t appear to help machines that are already showing the Blue Screen of Death.
A Reddit thread mixes possible solutions and workarounds with a lot of humor, as IT admins are already calling this a historic day, and fixing this boot loop isn’t that simple.
That said, if you work on a Mac or Linux machine, you might get double the work this Friday, as you’re not affected by this outage.
How to fix the BSOD issue on Windows caused by CrowdStrike
CrowdStrike announced a workaround to help users fix this issue and install the proper update. Follow the steps below:
- Boot Windows into Safe Mode or the Windows Recovery Environment.
- Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
- Locate the file matching ‘C-0000029*.sys’ and delete it.
- Boot the host normally.