CERT-In Advisory: Microsoft Windows systems crippled by CrowdStrike Falcon sensor update

Jul 19, 2024

New Delhi [India], July 19: The Indian Computer Emergency Response Team (CERT-In) has issued an advisory, CIAD-2024-0035, addressing a severe outage impacting Microsoft Windows systems.
According to CERT, this disruption is linked to the recent update of the CrowdStrike agent, Falcon Sensor, which has caused affected systems to experience crashes and the notorious "Blue Screen of Death" (BSOD).
Recent reports have indicated that Windows hosts equipped with the CrowdStrike Falcon Sensor are encountering stability issues due to the latest update of the product.
This update has led to widespread outages and system crashes, rendering many Windows hosts inoperable and displaying the BSOD.
To mitigate these issues, the CrowdStrike team has reverted the changes made in the recent update. However, if hosts are still experiencing crashes and are unable to stay online to receive the necessary Channel File Changes, CERT-In recommends certain steps.
1. First, boot Windows into Safe Mode or the Windows Recovery Environment.
2. Next, navigate to the directory C:\Windows\System32\drivers\CrowdStrike and locate the file matching the pattern "C-00000291*.sys".
3. Once identified, delete the file. Finally, reboot the host normally.
Users are also advised to check for the latest updates and further instructions on the CrowdStrike support portal.
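As an added example (not part of the CERT-In advisory or of CrowdStrike's own tooling), steps 2 and 3 can be scripted in PowerShell from Safe Mode. The function name and the -DriverDir parameter are hypothetical; the parameter covers the case where the Windows volume is mounted under a different drive letter.

```powershell
# Added example: locate and delete the channel file named in the advisory.
# Run from an elevated PowerShell session after booting into Safe Mode.
function Remove-FalconChannelFile291 {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Default is the directory given in the advisory. Assumption: override
        # this if the Windows volume is not mounted as C:.
        [string]$DriverDir = 'C:\Windows\System32\drivers\CrowdStrike',
        # File pattern given in the advisory.
        [string]$Pattern = 'C-00000291*.sys'
    )

    if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
        Write-Warning "Directory not found: $DriverDir"
        return
    }

    # -Force includes hidden or system files; -File excludes directories.
    $targets = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File -Force)
    if ($targets.Count -eq 0) {
        Write-Output "No file matching $Pattern in $DriverDir; nothing to delete."
        return
    }

    foreach ($file in $targets) {
        # Log what was found so there is a record of exactly what was removed.
        Write-Output ("Found {0} ({1} bytes, last written {2:u})" -f `
            $file.FullName, $file.Length, $file.LastWriteTimeUtc)

        # ShouldProcess honours -WhatIf and -Confirm, so a dry run deletes nothing.
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete channel file')) {
            Remove-Item -LiteralPath $file.FullName -Force
        }
    }
}

# Dry run first: lists the matching file without deleting it.
Remove-FalconChannelFile291 -WhatIf
```

Re-run the function without -WhatIf to perform the deletion, then reboot the host normally as in step 3.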
Union Minister for Information Technology Ashwini Vaishnaw assured that the Government was in touch with Microsoft.
"MEITY is in touch with Microsoft and its associates regarding the global outage. The reason for this outage has been identified and updates have been released to resolve the issue. CERT is issuing a technical advisory. The NIC network is not affected," the Minister said.
Earlier on Friday, global software giant Microsoft said that an outage in its online services had affected customers across the world, including in India. Microsoft Windows users reported facing 'Blue Screen of Death' errors, with many users taking to social media platform X to report the issue.
Meanwhile, in its latest update, Microsoft said, "Our services are still seeing continuous improvements while we continue to take mitigation actions. Multiple services are continuing to see improvements in availability as our mitigation actions progress."