CERT-In Advisory on Outage of Microsoft Windows due to Crowd Strike agent Falcon Sensor CERT-In Advisory CIAD-2024-0035 Original Issue Date: July 19, 2024 Outage of Microsoft Windows due to Crowd Strike agent Falcon Sensor update Severity Rating: Critical DescriptionIt has been reported that Windows hosts related to Crowd strike agent "Falcon Sensor" are facing outages and getting crashed due to recent updatereceived in the product. The concerned windows hosts are experiencing a "Blue Screen of Death (BSOD)" related to Falcon Sensor. Workarounds: The issues occurred in the latest update of CrowdStrike and the changes have been reverted by the Crowd Strike Team. If hosts are still crashing and unable to stay online to receive the Channel File Changes, the following steps can be used as work around for this issue: 1. Boot Windows into Safe Mode or the Windows Recovery Environment 2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory 3. Locate the file matching “C-00000291*.sys”, and delete it. 4. Boot the host normally. Also, users are advised to check the latest updates from Crowd Strike portal. Vendor Information CrowdStrike https://supportportal.crowdstrike.com/ Disclaimer- The information provided herein is on "as is" basis, without warranty of any kind. Contact Information Email: info@cert-in.org.in Phone: +91-11-22902657 Postal address Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India Source - https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES02&VLCODE=CIAD-2024-0035