CrowdStrike Issue Hits Windows Updates

Systems around the world have faced a major outage following an issue with CrowdStrike security software blocking recent Windows Updates.

Thousands of organisations including airports, hospitals, train networks and financial exchanges have experienced widespread system issues as of Friday 19th July 2024 – with international media reporting long travel delays and difficulties transacting payments.

The issue is currently believed to impact:

  • Windows environments running Crowdstrike cyber security software, which is blocking a recent Windows update, resulting in systems being unable to restart.
  • Certain Microsoft cloud-services with back-end dependencies on systems operating CrowdStrike.

Affected systems restart into the infamous ‘Blue Screen of Death’ (BSOD) upon unsuccessful update. Updating PCs via physical access is a major challenge for organisations with large scale sites or remote operations spread over a wide geographic area.

CrowdStrike / Windows Issue

Please note that Lineal Managed Services are not affected by the current worldwide CrowdStrike / Windows update issue affecting systems around the world. As of 0630hrs UTC, a manual workaround is available for Windows installations affected by this third-party software error, to manually remove the obstacle to a successful update.

If you or any part of your organisation has been affected by this issue, please contact our team via our [email protected] or 01271375999. If you know of anyone who may be affected, please ask them to get in touch for assistance.

A number of potential fixes are recommended, however some involve disabling the CrowdStrike agent, potentially leaving a further cyber security vulnerability:

  • Either booting Windows into Safe Mode or the Windows Recovery Environment, and manually deleting ‘C-00000291*.sys’ from the CrowdStrike Directory, rebooting the host normally.
  • OR Booting in Troubleshooting mode, and renaming CS.Agent.sys via Command Prompt.
  • OR For virtual machines – mounting discs elsewhere to change the file blocking successful update.
  • OR using Microsoft Intune / another patch management platform to block any updates likely to be faulty if not yet applied.

However, as already noted by a number of Lineal engineers – resolving the problem is likely to involve complications where organisations have Bitlocker encryption deployed to the Windows environment.

If you or any part of your organisation have been affected by this issue, please contact our team via our [email protected] or 01271375999. If you know of anyone who may be affected, please ask them to get in touch for help.