CrowdStrike Update Pushing Machines into a BSOD Loop


A recent update to the CrowdStrike Falcon sensor is causing major issues for Windows users worldwide. This update is leading to blue screen of death (BSOD) loops and making systems inoperable.

The issue, which began on July 19, 2024, affects Windows 10 and 11 systems running CrowdStrike’s endpoint security software. Users report experiencing repeated BSODs with the error message “DRIVER_OVERRAN_STACK_BUFFER,” which prevents normal system boot and operation.

CrowdStrike has acknowledged the problem, stating they are “aware of reports of crashes on Windows hosts related to the Falcon Sensor” and that their engineering teams are working to resolve the issue.

Source (cybersecuritynews.com)

The company advises affected users not to open individual support tickets now. This update’s impact has been particularly severe for enterprise customers, with some organizations reporting that thousands of devices, including critical production servers and SQL nodes, have been affected.


IT departments are scrambling to mitigate the damage, with some resorting to removing CrowdStrike-related files from affected systems to restore functionality.

This incident highlights the potential risks associated with automatic updates for security software, especially in enterprise environments. Many affected users are now calling for more rigorous testing procedures and the implementation of staged rollout policies to prevent similar incidents in the future.

Users shared their views on X (formerly Twitter) and Reddit.

Many airport systems have been affected by the crash.

Major services including banks, media outlets, airlines, Microsoft services and stock exchanges were affected.

As the situation develops, CrowdStrike is expected to provide further updates and a permanent fix for the issue. In the meantime, affected users are advised to monitor official CrowdStrike communication channels for guidance on recovery procedures and temporary workarounds.

Microsoft has confirmed that it is investigating an “issue” affecting its 365 apps and operating systems, cautioning users to anticipate “service degradation.”

U.S. cybersecurity firm CrowdStrike has acknowledged responsibility for the error, stating they are “working on it.” Experts suggest that the problem may have been triggered by a “buggy” security update, though they caution that it is too early to “rule out” the possibility of a cyberattack.

How to Check Whether Your CrowdStrike Sensor Version Is Affected by the BSOD Issue

  1. Identify your sensor version:
    Boot into Safe Mode and check the CrowdStrike Falcon sensor version installed on your system. The problematic update seems to be affecting various sensor versions, including version 6.58.
  2. Check the installation date:
    Look at the installation date of the CrowdStrike Falcon sensor. If it coincides with the onset of BSOD issues (around July 19, 2024), it’s likely to be the cause.
  3. Look for specific error messages:
    The BSOD error associated with this issue is “DRIVER_OVERRAN_STACK_BUFFER”. If you’re seeing this error, your system is likely affected.

Possible Workarounds

  1. Boot Windows into Safe Mode or the Windows Recovery Environment
  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
  3. Locate the file matching “C-00000291*.sys”, and delete it.
  4. Boot the host normally.
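The two procedures above (identifying the sensor version and install date, looking for the bug check, and locating the C-00000291*.sys files) can be scripted so that an administrator records what is on a host before touching anything. The PowerShell script below is an added example written for this page; it is not from the article or from CrowdStrike. It assumes it is run as Administrator from Safe Mode, that the sensor appears in the standard Windows Uninstall registry keys with a DisplayName starting with "CrowdStrike", that the driver directory is the one named in the workaround, and that bug check reboots are logged as System event 1001 from the Windows Error Reporting provider (DRIVER_OVERRAN_STACK_BUFFER is bug check code 0xF7). It only deletes files when explicitly asked to with -Remove, and copies them to a quarantine folder first so the evidence survives.

```powershell
# Added example, not the article's or CrowdStrike's code.
# Inventory the Falcon sensor, recent bug checks and the C-00000291*.sys channel
# files; delete the files only when -Remove is given, after quarantining a copy.
param(
    [string]$SystemRoot = $env:SystemRoot,          # e.g. "D:\Windows" from WinRE
    [datetime]$IncidentDate = [datetime]'2024-07-19', # onset date from the article
    [switch]$Remove                                  # actually delete matching files
)

$csDir = Join-Path $SystemRoot 'System32\drivers\CrowdStrike'   # path from the article

# 1. Sensor version and install date from the Uninstall registry keys.
#    (Assumption: the sensor registers a DisplayName beginning with "CrowdStrike".
#     Only meaningful on the live system, not against an offline hive.)
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$sensor = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'CrowdStrike*' } |
    Select-Object DisplayName, DisplayVersion, InstallDate    # InstallDate is yyyyMMdd
if ($sensor) { $sensor | Format-List } else { Write-Warning 'No CrowdStrike entry in the Uninstall keys.' }

# 2. Recent bug check reboots. Event 1001 carries the stop code in its message;
#    0x000000f7 is DRIVER_OVERRAN_STACK_BUFFER.
$bugChecks = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'
    Id           = 1001
    StartTime    = $IncidentDate
}
if ($bugChecks) {
    $bugChecks | Select-Object TimeCreated,
        @{ n = 'StackBufferOverrun'; e = { $_.Message -match '0x000000f7' } } |
        Format-Table -AutoSize
} else { Write-Host "No bug check events logged since $($IncidentDate.ToShortDateString())." }

# 3. Channel files matching the pattern from the workaround, with timestamps so a
#    file written on or after the incident date can be told apart from older ones.
$files = Get-ChildItem -Path $csDir -Filter 'C-00000291*.sys' -ErrorAction SilentlyContinue
if (-not $files) { Write-Host "No C-00000291*.sys files under $csDir"; return }

$files | Select-Object Name, Length, LastWriteTimeUtc,
    @{ n = 'WrittenSinceIncident'; e = { $_.LastWriteTimeUtc -ge $IncidentDate } } |
    Format-Table -AutoSize

# 4. Deletion is opt-in. Quarantine a copy first so the file can be analysed or
#    restored; the quarantine folder name is this script's own choice.
if ($Remove) {
    $quarantine = Join-Path $SystemRoot 'Temp\CrowdStrike-quarantine'
    New-Item -ItemType Directory -Path $quarantine -Force | Out-Null
    foreach ($f in $files) {
        Copy-Item -Path $f.FullName -Destination $quarantine -Force
        Remove-Item -Path $f.FullName -Force -Verbose
    }
    Write-Host "Quarantined and removed $($files.Count) file(s); reboot the host normally."
} else {
    Write-Host 'Dry run only. Re-run with -Remove to quarantine and delete the listed files.'
}
```

Run it once without -Remove to see the sensor details, the bug check history and the candidate files, and keep that output with the ticket before re-running with -Remove; from the Windows Recovery Environment, pass the offline Windows directory as -SystemRoot and ignore the registry and event log sections, which only read the live system.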

Please note these workarounds are not fully verified; we are awaiting updates on this.
