hi all,
a crwod strike update causes a BSOD loop of Windows systems.
Boot Windows into Safe Mode or the Windows Recovery Environment
Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
Locate the file matching “C-00000291*.sys”, and delete it.
Boot the host normally.
+19
Eeek! Thanks for sharing!
+6
thanks for sharing this, a few of my customers and colleagues are running in this issue this morning.
+21
Saw this in the news this morning. Notified my security team as I think we use it on some servers. Thanks for sharing here as well.
+19
I forgot we are testing CS out before implementing it. We had the agent on a handful of systems to test….which of course I had to fix this morning 🙄
+21
Whew! We did have this installed in two DCs but have since replaced it with Carbon Black. So we are not affected. 😁
+11
Some customers were tremendously affected.
Until the real problem was discovered, it was necessary to return some backups here.
+19
Whew! We did have this installed in two DCs but have since replaced it with Carbon Black. So we are not affected. 😁
Close call! Remediation isn't too bad aside from it being a manual process. The OS file system is still reachable via admin$ so you can log into an unaffected system then remote to those affected & remove the problem .sys file. Bright side 😁
+19
Some customers were tremendously affected.
Until the real problem was discovered, it was necessary to return some backups here.
😳😳
+21
For any wondering this is the workaround on affected systems or as Shane stated remotely from a working system to the admin$ share -
Workaround Steps:
+10
For any wondering this is the workaround on affected systems or as Shane stated remotely from a working system to the admin$ share -
Workaround Steps:
hi
Here many impacted customers, all windows systems in BSOD were not responding in network.
All O.S. Windows were in this condition similar to this sshot, no adminshare available. 😫
ragards
+21
For any wondering this is the workaround on affected systems or as Shane stated remotely from a working system to the admin$ share -
Workaround Steps:
hi
Here many impacted customers, all windows systems in BSOD were not responding in network.
All O.S. Windows were in this condition similar to this sshot, no adminshare available. 😫
ragards
Ah sorry I did not go back to the OP. Oops my bad. 😋😂
Guess it doesn’t hurt to have it twice. 😆
+19
For any wondering this is the workaround on affected systems or as Shane stated remotely from a working system to the admin$ share -
Workaround Steps:
hi
Here many impacted customers, all windows systems in BSOD were not responding in network.
All O.S. Windows were in this condition similar to this sshot, no adminshare available. 😫
ragards
I had that screen too
+19
I was even able to restart a couple VMs and it went to the login screen. Though, that may not be the norm. 🤷🏻♂️
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
