CrowdStrike Advisory - Aqueduct Tech

Aqueduct Technologies – Advisory

CrowdStrike Global Windows Outage

7/22/24 Update:
Microsoft has released a tool that you can use to create a bootable USB drive, boot an impacted endpoint to it, and automatically remove the CrowdStrike update file causing the BSOD issue. 

The signed Microsoft Recovery Tool can be found in the Microsoft Download Center: https://go.microsoft.com/fwlink/?linkid=2280386.

More information

An update to the CrowdStrike Falcon Sensor causes Microsoft Windows endpoints to crash, resulting in a Blue Screen of Death (BSOD) error and the inability to boot the machine. CrowdStrike has addressed the issue with a fix for the defected update which will prevent the issue for systems which have not yet been updated; however, for systems with the defect already installed and are unable to boot/reach the internet to download the fix, manual intervention may be required to remediate. This document outlines the remediation and verification steps required as they are currently known.

CrowdStrike Official Statement (updated live):  https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/
Please refer to this update link for any new information which may be posted.

MANUAL HOST REMEDIATION

Reboot the host to give it an opportunity to download the reverted channel file. If the host crashes again, then:

    1. Boot Windows into Safe Mode or the Windows Recovery Environment
      1. NOTE: Putting the host on a wired network (as opposed to WiFi) and using Safe Mode with Networking can help remediation.
    2. Navigate to the %WINDIR%\\System32\\drivers\\CrowdStrike directory
    3. Locate the file matching “C-00000291*.sys”, and delete it.
    4. Boot the host normally.

 HOST IDENTIFICATION

Please refer to the live article here for information about using the Advanced Event Search function on the CrowdStrike Admin Dashboard to identify impacted endpoints (CrowdStrike Login Required):
https://supportportal.crowdstrike.com/s/login/?ec=302&startURL=%2Fs%2Farticle%2FTech-Alert-Window%2520s-crashes-related-to-Falcon-Sensor-2024-07-19

 

ADDITIONAL ASSISTANCE
Aqueduct is committed to the success of our customers and is ready to assist with resolution of this issue. While we work to proactively reach out to our customers, if you require immediate assistance, please contact us:

For existing Managed Services customers, please email NOC@aqueducttech.com
For non-Managed Services customers, please email services@aqueducttech.com