CrowdStrike Update Pushing Windows Machines Into a BSOD Loop

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer


A recent update to the CrowdStrike Falcon sensor is causing major issues for Windows users worldwide. This update is leading to blue screen of death (BSOD) loops and making systems inoperable.

The issue, which began on July 19, 2024, affects Windows 10 and 11 systems running CrowdStrike’s endpoint security software. Users report experiencing repeated BSODs with the error message “DRIVER_OVERRAN_STACK_BUFFER,” which prevents normal system boot and operation.

CrowdStrike has acknowledged the problem, stating they are “aware of reports of crashes on Windows hosts related to the Falcon Sensor” and that their engineering teams are working to resolve the issue.

The company advises affected users not to open individual support tickets now. This update’s impact has been particularly severe for enterprise customers, with some organizations reporting that thousands of devices, including critical production servers and SQL nodes, have been affected.


IT departments are scrambling to mitigate the damage, with some resorting to removing CrowdStrike-related files from affected systems to restore functionality.

This incident highlights the potential risks associated with automatic updates for security software, especially in enterprise environments. Many affected users are now calling for more rigorous testing procedures and the implementation of staged rollout policies to prevent similar incidents in the future.

As the situation develops, CrowdStrike is expected to provide further updates and a permanent fix for the issue. In the meantime, affected users are advised to monitor official CrowdStrike communication channels for guidance on recovery procedures and temporary workarounds.

How to Check Whether Your CrowdStrike Sensor Version Is Affected by the BSOD Issue

  1. Identify your sensor version:
    Boot into Safe Mode and check the CrowdStrike Falcon sensor version installed on your system. The problematic update seems to be affecting various sensor versions, including version 6.58.
  2. Check the installation date:
    Look at the installation date of the CrowdStrike Falcon sensor. If it coincides with the onset of BSOD issues (around July 19, 2024), it’s likely to be the cause.
  3. Look for specific error messages:
    The BSOD error associated with this issue is “DRIVER_OVERRAN_STACK_BUFFER”. If you’re seeing this error, your system is likely affected.

Possible Workarounds

  1. Boot Windows into Safe Mode or the Windows Recovery Environment.
  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
  3. Locate the file matching “C-00000291*.sys”, and delete it.
  4. Boot the host normally.
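
Steps 2 and 3 of the workaround as a PowerShell script, for hosts that reach Safe Mode with PowerShell available. This is an added example, not code from CrowdStrike or from the original article; the `-DriverDir` and `-Remove` parameter names are chosen here, and the script only reports what it finds unless `-Remove` is given.

```powershell
# Added example: automates steps 2 and 3 of the workaround above.
# Run from an elevated PowerShell prompt in Safe Mode.
# The parameter names (-DriverDir, -Remove) are this example's own.
param(
    [string]$DriverDir = (Join-Path $env:SystemRoot 'System32\drivers\CrowdStrike'),
    [switch]$Remove   # without this switch the script only reports
)

$pattern = 'C-00000291*.sys'   # file name pattern given in the workaround

# Step 2: make sure the CrowdStrike driver directory exists on this host.
if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
    Write-Output "Directory not found: $DriverDir"
    return
}

# Step 3: locate the file(s) matching the pattern (hidden files included).
$targets = @(Get-ChildItem -LiteralPath $DriverDir -Filter $pattern -File -Force)

if ($targets.Count -eq 0) {
    Write-Output "No file matching $pattern in $DriverDir; nothing to do."
    return
}

# Show name, size and timestamp of every match before touching anything.
$targets |
    Select-Object Name, Length, LastWriteTimeUtc |
    Format-Table -AutoSize |
    Out-String |
    Write-Output

if (-not $Remove) {
    Write-Output 'Report only. Re-run with -Remove to delete the file(s) listed above.'
    return
}

# Delete each match and report per-file success or failure.
foreach ($file in $targets) {
    try {
        Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
        Write-Output "Deleted $($file.FullName)"
    } catch {
        Write-Output "Failed to delete $($file.FullName): $($_.Exception.Message)"
    }
}

Write-Output 'Done. Boot the host normally (step 4).'
```

Running it once without `-Remove` gives a record of the matching file names and timestamps, which also helps confirm the host is affected before anything is deleted.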

Please note these workarounds are not fully verified; we are awaiting updates on this.
