A recent update to the CrowdStrike Falcon sensor is causing major issues for Windows users worldwide. This update is leading to blue screen of death (BSOD) loops and making systems inoperable.
The issue, which began on July 19, 2024, affects Windows 10 and 11 systems running CrowdStrike’s endpoint security software. Users report experiencing repeated BSODs with the error message “DRIVER_OVERRAN_STACK_BUFFER,” which prevents normal system boot and operation.
CrowdStrike has acknowledged the problem, stating they are “aware of reports of crashes on Windows hosts related to the Falcon Sensor” and that their engineering teams are working to resolve the issue.
The company advises affected users not to open individual support tickets now. This update’s impact has been particularly severe for enterprise customers, with some organizations reporting that thousands of devices, including critical production servers and SQL nodes, have been affected.
Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo
IT departments are scrambling to mitigate the damage, with some resorting to removing CrowdStrike-related files from affected systems to restore functionality.
This incident highlights the potential risks associated with automatic updates for security software, especially in enterprise environments. Many affected users are now calling for more rigorous testing procedures and the implementation of staged rollout policies to prevent similar incidents in the future.
Users shared their views on the X(Formerly Twitter) & Reddit
Holiday mood on by Microsoft 😊Blue screen of death reported at multiple companies – Crowd Strike attackAre you also facing ??Guys it's a global issue from Microsoft #Bluescreen #Microsoft pic.twitter.com/lf2LAHmVFf
— Saurabh kumar (@Saurabhk0096) July 19, 2024
Many of the Airport systems have been affected by the crash.
CrowdStrike Update Crashes Windows SystemsA widespread outage affecting numerous Windows systems worldwide, both servers and workstations, is attributed to a flawed update of drivers associated with CrowdStrike EDR solutions. The affected systems display the 'blue screen of… pic.twitter.com/4g5ApEeZqK
— Kaspersky (@kaspersky) July 19, 2024
Major services like banks, media, Airlines, Microsoft services & stock exchanges were affected.
GLOBAL OUTAGES– Major banks, media and airlines affected by major IT outage– Significant disruption to some Microsoft services– 911 services disrupted in several US states– Services at London Stock Exchange disrupted– Sky News is off air– Reports the issue relates to…
— The Spectator Index (@spectatorindex) July 19, 2024
Microsoft Windows users right now. #crowdstrike #bsod pic.twitter.com/l153GL0xwU
— Tommy (@tferris) July 19, 2024
Due to global disruption, "blue screens of death" are taking over more institutions and businesses worldwide. pic.twitter.com/zwUJV6rdk0
— NEXTA (@nexta_tv) July 19, 2024
As the situation develops, CrowdStrike is expected to provide further updates and a permanent fix for the issue. In the meantime, affected users are advised to monitor official CrowdStrike communication channels for guidance on recovery procedures and temporary workarounds.
Microsoft has confirmed that it is investigating an “issue” affecting its 365 apps and operating systems, cautioning users to anticipate “service degradation.
“U.S. cybersecurity firm CrowdStrike has acknowledged responsibility for the error, stating they are “working on it.” Experts suggest that a “buggy” security update may have triggered the problem, though they caution that it is too early to “rule out” the possibility of a cyberattack.
Update 1: Below is a detailed table listing the affected countries and services as of July 19, 2024.
CountryCategoryDetails Australia MediaABC, SBS, Seven Network, Nine NetworkAirlinesQantas, Virgin Australia, JetstarAirportsSydney, MelbourneSupermarketsWoolworths, ColesBanksNAB, ANZ, Commonwealth Bank, Bendigo Bank, SuncorpRetailers and Fast FoodKFC, self-checkout systems Canada BanksTD Canada Trust mobile app outage Belgium Train ServicesTrain ticket purchases, digital announcementsMediaJOE, QMusicBanks and Post ServicesAirportsBrussels, Charleroi France TV ChannelsTF1, TFX, LCI, Canal+SystemsSystems for the 2024 Paris Olympics Croatia Health and Air TrafficCentral Health Information System, Air Traffic Control Germany Airports and AirlinesBerlin Airport, LufthansaHospitalsHospitals in Lübeck and Kiel Hong Kong SAR AirportsHong Kong International AirportAirlinesCathay Pacific, Hong Kong Express, Hong Kong Airlines India AirlinesAir India, Indigo, Akasa Air, SpiceJet, VistaraIT FirmsOracle, Nokia Israel Emergency and HealthMagen David Adom, Hospitals: Sheba, Laniado, RambamServicesIsrael Post, banks, pharmaceutical companies Malaysia Railway ServicesRailway operator KTMB’s ticketing system Netherlands Airports and AirlinesSchiphol airport, Transavia AirlinesBanksKNAB bankGovernment ServicesGovernment services, hospitals New Zealand BanksANZ, ASB, Kiwibank, WestpacSupermarketsWoolworths, FoodstuffsTransport and AirportsAuckland Transport, Christchurch Airport Philippines Various ServicesBanks, telecommunications, broadcasts, supermarketsAirlinesCebu Pacific flights South Korea AirlinesJeju Air Singapore AirportsChangi Airport Spain Air Navigation ServicesENAIRE’s Aena Switzerland AirportsZurich Airport United Kingdom MediaSky News, CBBCAirportsEdinburgh, GatwickRail CompaniesHealth ServicesNHS servicesFinancial ServicesLondon Stock ExchangeRetailersLadbrokes Coral United States AirlinesGround stops for United, Delta, American AirlinesEmergency Services911 service outages in Alaska, Arizona, New Hampshire
Update 2: The US Aviation Authority has mandated that all flights must land due to a technical computer glitch.
Update 3: Blue Screens at the Delhi Airport;
An update from Crowdstrike is below;
Source (cybersecuritynews.com)
Update from Crowdstrike: CrowdStrike CEO George Kurtz added that the issue has been identified and isolated, and a fix has been deployed. He added that this “was not a security incident or cyberattack.”
CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We…
— George Kurtz (@George_Kurtz) July 19, 2024
How to Check CrowdStrike sensor version is affected by the BSOD issue
-
Identify your sensor version: Boot into Safe Mode and check the CrowdStrike Falcon sensor version installed on your system. The problematic update seems to be affecting various sensor versions, including version 6.58.
-
Check the installation date: Look at the installation date of the CrowdStrike Falcon sensor. If it coincides with the onset of BSOD issues (around July 19, 2024), it’s likely to be the cause.
-
Look for specific error messages: The BSOD error associated with this issue is “DRIVER_OVERRAN_STACK_BUFFER”. If you’re seeing this error, your system is likely affected.
Possible Workarounds
-
Boot Windows into Safe Mode or the Windows Recovery Environment
-
Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
-
Locate the file matching “C-00000291*.sys”, and delete it.
-
Boot the host normally.
Please note these workarounds are not fully verified; we are awaiting updates on this.
Update: CrowdStrike Releases Fix for Updates Causing Windows to Enter BSOD Loop; more details are here.
We are closely monitoring this developing story and providing comprehensive coverage of all the latest developments as they unfold.
