CrowdStrike Bug Leads to Worldwide BSODs, Grounding Flights, Halting Banking, and More

The Verge’s Tom Warren:

Thousands of Windows machines are experiencing a Blue Screen of Death (BSOD) issue at boot today, impacting banks, airlines, TV broadcasters, supermarkets, and many more businesses worldwide. A faulty update from cybersecurity provider CrowdStrike is knocking affected PCs and servers offline, forcing them into a recovery boot loop so machines can’t start properly. CrowdStrike is widely used by many businesses worldwide for managing the security of Windows PCs and servers.

CrowdStrike’s products are extremely popular, and this problem is shockingly widespread. I’ve got a bunch of friends in corporate IT, and none of them are having a good day. Here’s Warren again:

CrowdStrike says the issue has been identified and a fix has been deployed, but fixing these machines won’t be simple for IT admins. The root cause appears to be an update to the kernel level driver that CrowdStrike uses to secure Windows machines. While CrowdStrike identified the issue and reverted the faulty update after “widespread reports of BSODs on Windows hosts,” it doesn’t appear to help machines that have already been impacted.

It looks like the fix is going to be pretty hands-on, at least for now, according to Kevin Purdy at Ars Technica:

A CrowdStrike engineer posted in the official CrowdStrike subreddit that the workaround steps involve booting affected Windows systems into Safe Mode or the Recovery Environment, navigating to a CrowdStrike directory, and deleting a .sys file and rebooting. If this works, it’s not something that can be done through a network push, so a lot of manual work remains to be done.

Rebooting a system 15 times sounds pretty manual to me.