What happened:
CrowdStrike has identified an issue that has caused some Windows hosts to experience crashes. These crashes are related to the Falcon Sensor, a crucial component of our endpoint protection solution. The issue surfaced following a recent content deployment, which inadvertently caused the Falcon Sensor to malfunction.
What to expect:
Affected hosts may encounter a bugcheck, commonly known as a blue screen error. This error disrupts normal operations, leading to system crashes and instability. We understand the inconvenience this causes and are working diligently to resolve it.
What next:
The CrowdStrike engineering team has swiftly responded by identifying the problematic content deployment and reverting the changes. This should prevent further occurrences of the issue. However, if your hosts are still experiencing crashes and are unable to stay online to receive the corrective updates, please follow the steps below to manually address the problem:
Workaround Steps:
- Boot the affected Windows host into Safe Mode or the Windows Recovery Environment.
- Once in Safe Mode, navigate to the following directory: C:\Windows\System32\drivers\CrowdStrike
- Locate the file matching the pattern “C-00000291*.sys” and delete it.
- Reboot the host normally.
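
The locate-and-delete steps above can be scripted from an elevated PowerShell prompt in Safe Mode. This is an added example, not code from CrowdStrike or from the original notice. The function name Remove-FalconChannelFile291 and its parameters are hypothetical, and it assumes PowerShell with Get-FileHash is available on the host.

```powershell
# Added example: deletes the file named in the workaround steps and returns
# a record of each match (path, size, timestamp, SHA-256) for the change log.
# Remove-FalconChannelFile291 is a hypothetical helper, not a CrowdStrike tool.
function Remove-FalconChannelFile291 {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Directory and pattern from the workaround steps. Override -Directory
        # if the Windows volume is not C: (assumption: for example, an offline
        # volume mounted under another drive letter).
        [string]$Directory = 'C:\Windows\System32\drivers\CrowdStrike',
        [string]$Pattern   = 'C-00000291*.sys'
    )

    if (-not (Test-Path -LiteralPath $Directory -PathType Container)) {
        Write-Warning "Directory not found: $Directory"
        return
    }

    # Only files matching the one pattern from the notice are considered.
    $targets = @(Get-ChildItem -LiteralPath $Directory -Filter $Pattern -File -Force)
    if ($targets.Count -eq 0) {
        Write-Warning "No file matching $Pattern in $Directory; nothing to delete."
        return
    }

    foreach ($file in $targets) {
        # Capture details before deletion so the change can be audited later.
        $record = [pscustomobject]@{
            Path         = $file.FullName
            Length       = $file.Length
            LastWriteUtc = $file.LastWriteTimeUtc
            Sha256       = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            Removed      = $false
        }
        # ShouldProcess honours -WhatIf and -Confirm, so a dry run deletes nothing.
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete')) {
            Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
            $record.Removed = $true
        }
        $record
    }
}

# Dry run: lists what would be deleted without touching the files.
Remove-FalconChannelFile291 -WhatIf
# Actual deletion (prompts once per file); uncomment after reviewing the dry run.
# Remove-FalconChannelFile291
```

Run the dry run first and confirm that only files matching the pattern are listed, then run the function without -WhatIf and reboot as described in the last step.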
If you have any concerns or need assistance, please email cybersecurity@itsec.hr or, in case of a cybersecurity incident, open a security-related PMI/MI in the ITSec Portal.