When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Botched security update breaks Windows worldwide, causing BSOD and crashes

Neowin · · Hot! with 31 comments

Sad smiley face with blue background indicating a BSOD

Update: CrowdStrike CEO said the following about the situation:

CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.

Multiple companies worldwide are currently forced to suspend their operations due to a faulty cybersecurity update from CrowdStrike. The update is taking down thousands of Windows computers, causing them to boot loop and crash to a blue screen of death with the error message csagent.sys (PAGE_FAULT_IN_NONEPAGED_AREA).

Affected companies include banks, airlines, TV channels, and more, and some of them are forced to halt their jobs almost completely, with most Windows PCs not working due to the Falcon Sensor agent from CrowdStrike, a system that monitors network activity and prevents cyberattacks. One user from Malaysia said on Reddit that 70% of their laptops are not stuck in a boot loop:

Malaysia here, 70% of our laptops are down and stuck in boot, HQ from Japan ordered a company wide shutdown, someone's getting fireblasted for this shit lmao

CrowdStrike has already confirmed the problem and reverted the update. However, the machines that are already affected still cannot operate properly. While IT admins are scratching their heads in attempts to understand what happened and how to resuscitate their computers, a lengthy thread on Reddit suggests deleting a file in the CrowdStrike directory:

Workaround Steps:

  1. Boot Windows into Safe Mode or the Windows Recovery Environment
  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
  3. Locate the file matching “C-00000291*.sys”, and delete it.
  4. Boot the host normally.

In a statement to The Verge, Microsoft also confirmed that it is aware of the situation.

While booting into Safe Mode and deleting a single file does not sound too hard on a single machine, servicing hundreds of computers, remote devices, and cloud-based service will be quite a chore for IT admins.

Report a problem with article
Samsung Galaxy Buds3 Pro
Next Article

Samsung temporarily halts Galaxy Buds3 Pro sales due to quality control issues

A man walking with elephants in Apples Wild Life
Previous Article

Apple unveils Immersive Video for Vision Pro coming to Apple TV app

Join the conversation!

Login or Sign Up to read and post a comment.

31 Comments - Add comment