I am sure by now we have all heard of or experienced challenges because of the driver issue between CrowdStrike and Microsoft. Many organizations ranging from health, banking, retail, and airlines have been affected, and we are expecting major downtime over the next couple of days, weeks, or months, depending on the recovery plans of each organization.

What happened?

As a leading cybersecurity vendor, CrowdStrike took steps to update its software to further protect its customers, but that update caused an issue with the Microsoft servers, causing what we call the blue screen of death (BSOD).

Why should we patch systems?

Patching is a critical process that allows organizations to keep their systems up to date. It does the following:

  1. Prevents Operational Disruptions
  2. Maintains Security Integrity
  3. Ensures Compatibility

What can be done?

Now you may already know why patching is important and what happened, but how do you fix the issue? Is there a workaround? Thank goodness there is a workaround right now. It is as follows:

Workaround Steps:

1. Boot Windows into Safe Mode or the Windows Recovery Environment

2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory

3. Locate the file matching “C-00000291*.sys”, and delete it

4. Boot the host normally.
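
Steps 2 and 3 as a PowerShell function, for hosts where Safe Mode gives you a PowerShell prompt. This is an added example, not CrowdStrike's or Microsoft's tooling; the function name, the `-SystemDrive` and `-LogPath` parameters and the log location are assumptions. It deletes only files matching the pattern from step 3 and records each file's size, timestamp and SHA-256 first, so there is a record of what was removed from each host.

```powershell
# Added example (hypothetical helper, not vendor tooling).
function Remove-C291File {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Assumption: letter of the Windows volume. In the Recovery
        # Environment the OS volume is not always mounted as C:.
        [string]$SystemDrive = 'C:',
        # Assumption: where the removal record is written.
        [string]$LogPath = "$env:TEMP\c291-removal.csv"
    )

    $dir = "$SystemDrive\Windows\System32\drivers\CrowdStrike"
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        throw "Directory not found: $dir (check the drive letter)"
    }

    # Match only the file named in step 3; every other file is left alone.
    $targets = @(Get-ChildItem -LiteralPath $dir -Filter 'C-00000291*.sys' -File)
    if ($targets.Count -eq 0) {
        Write-Warning "No file matching C-00000291*.sys in $dir"
        return
    }

    foreach ($file in $targets) {
        # Capture identifying details before the file is gone.
        $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        $record = [pscustomobject]@{
            Host         = $env:COMPUTERNAME
            Path         = $file.FullName
            Length       = $file.Length
            LastWriteUtc = $file.LastWriteTimeUtc.ToString('o')
            Sha256       = $hash
        }
        # With -WhatIf nothing is logged or deleted; the record is still shown.
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete')) {
            $record | Export-Csv -LiteralPath $LogPath -Append -NoTypeInformation
            Remove-Item -LiteralPath $file.FullName -Force
        }
        $record
    }
}

# Dry run first: lists what would be deleted without touching anything.
Remove-C291File -WhatIf
```

Run `Remove-C291File` without `-WhatIf` once the dry run shows only the expected file, then continue with step 4.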

Do you need help?

Recovering from this issue on your own can be a daunting task. Reach out to us and we will assist you as best we can: +17845313631, sales@eknotec.co
