A far-reaching system issue (BSOD) has hit tens of thousands of PCs running on Windows worldwide, showing critical failures at boot time. This has impacted many industries, including the banking sector, rail networks, airlines, and retail, along with broadcasting, healthcare, and others. The malfunction is making computers refuse to start up properly, putting them into endless recovery cycles manifesting as the infamous Blue Screen of Death.
Root cause: CrowdStrike Falcon antivirus update
According to analysis, this failure is due to the recent update of the CrowdStrike Falcon antivirus software installed in Windows 10 PCs. Most notably, the same cybersecurity software did not impact Mac and Linux machines at all. Crowdstrike, a leader in endpoint security protection for corporate networks, issued a statement addressing the issue:
“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated, and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organizations ensure they're communicating with Crowdstrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.”
CrowdStrike’s antivirus service is widely installed on Microsoft systems, including the Windows operating system.
Scope of the impact
Reports suggest that the BSOD issues have been reported from areas such as Asia, Australia, and North America, among others. The situation has significantly impacted airline services because of a concurrent outage hitting Microsoft’s Azure platform.
How to fix Windows Blue Screen of Death and Boot Loop
CrowdStrike has released steps for system administrators to restore functionality for those affected by the now-rolled-back update failure.
- Boot Windows into Safe Mode or the Windows Recovery Environment.
- Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
- Locate and delete the file matching ‘C-00000291.sys’.*
- Boot the host normally.
Other implications and observations
Although Apple’s system status page does not indicate any issues with its services, there are some isolated troubles in some businesses with contactless payment that could have impacted Apple Pay.