Major security software provider CrowdStrike pushed an update last night that created major issues for Windows devices. Airlines are down, banks are down. You might be down.
CrowdStrike corrected the update causing the problem, but unfortunately impacted machines are not able to get back online to download the “fix” automatically and will likely require manual intervention.
Here are the steps CrowdStrike provided to remediate a workstation that has sent been into a boot loop.
1. Boot Windows into Safe Mode or WRE.
2. Go to C:\Windows\System32\drivers\CrowdStrike
3. Locate and delete file matching “C-00000291*.sys”
4. Boot normally.
It’s also important to note this was not a security event, but a bug in the software.
“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack,” CrowdStrike CEO George Kurz wrote, adding that the issue has been “identified, isolated and a fix has been deployed.”