Fix for the CrowdStrike Outage
Systems across the globe are experiencing outages today, grinding transportation, administration, and business systems everywhere to a halt. The issue was caused by a CrowdStrike update. Although many organizations don’t use CrowdStrike directly, the downstream effects are reaching systems all over the world. For a time, even Microsoft was impacted.
The CrowdStrike outage stems from a faulty channel file that was deployed during the most recent update. Although not a surefire fix, these are some steps you can take to possibly resolve the issue.
Boot to Safe Mode or the Command Prompt from the WinRE blue screen:
- Safe Mode: See advanced repair options → Troubleshoot → Advanced options → Startup Settings → Restart → Options menu: F4 / 4
- WinRE: Command Prompt – See advanced repair options → Troubleshoot → Advanced options → Command Prompt
If the machine is stuck on a BSOD and does not auto-boot to WinRE:
- Reboot the machine by holding down the power button for ~10s
- Once Windows’ bootloader begins loading Windows, repeat 2x
Note: Windows will auto-boot to WinRE upon two failed attempts by the Windows bootloader to load Windows
Delete file matching C-00000291*.sys within:
%WinDir%\System32\drivers\CrowdStrike
- Safe Mode:
  - Open an Admin terminal: WinKey+R → Open: powershell → Ctrl+Shift+OK
  - Delete file: Remove-Item -Path "$env:WinDir\System32\drivers\CrowdStrike\C-00000291*.sys" -Force
  - Reboot: Shutdown /f /r /t 0
- WinRE Command Prompt: (C: is usually not the OS partition mount point in WinRE)
  - Obtain mount point of the OS partition:
    - Launch DiskPart: DiskPart
    - List all volumes [partitions]: Lis Vol
    - Close DiskPart: Exit
  - Delete file: Del /f /q "<OSdriveLetter>:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys"
  - Reboot: Close Command Prompt → Continue to Windows <#>
Perform a normal Windows reboot.
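The WinRE Command Prompt steps above can be combined into one batch script that checks each drive letter for the channel file instead of reading the DiskPart volume list by hand. This is an added example, not part of the original post; the script name fix-cs.cmd and the /delete switch are assumptions made here, and it assumes the OS volume is mounted and readable from WinRE.

```batch
@echo off
rem Added example: find the volume holding the CrowdStrike driver folder
rem and list (default) or delete the channel file named on this page.
rem   fix-cs.cmd           list matching files only
rem   fix-cs.cmd /delete   delete matching files
setlocal EnableExtensions
set "REL=Windows\System32\drivers\CrowdStrike"
set "PATTERN=C-00000291*.sys"
set "FOUND=0"

rem X: is skipped because it is the WinRE RAM disk, not an installed OS.
for %%D in (C D E F G H I J K L M N O P Q R S T U V W Y Z) do (
    if exist "%%D:\%REL%\%PATTERN%" call :handle %%D %1
)
if "%FOUND%"=="0" echo No %PATTERN% found on any mounted volume.
endlocal
exit /b 0

:handle
rem %1 = drive letter, %2 = optional /delete switch
set "FOUND=1"
echo Matches on %1:
dir /b "%1:\%REL%\%PATTERN%"
if /i "%~2"=="/delete" (
    del /f /q "%1:\%REL%\%PATTERN%"
    rem Re-check so a failed delete (read-only or locked volume) is visible.
    if exist "%1:\%REL%\%PATTERN%" (echo Delete FAILED on %1:) else (echo Deleted on %1:)
)
exit /b 0
```

Run it once without arguments to confirm which drive letter holds the file, then again with /delete before closing the Command Prompt.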
If you or an organization still needs help recovering from this outage, CyberLife is available to assist with your recovery.