The fix such as it is:
Workaround Steps:
Boot Windows into Safe Mode or the Windows Recovery Environment
Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
Locate the file matching “C-00000291*.sys”, and delete it.
Boot the host normally.
Printed that info out just in case. I see that I don’t have CrowdStrike on my Windows 10 laptop. I figure that must be something the user installs.
Assuming this fix works, unless this process can be automated, would you trust the average end user in corporate America being able to complete this task successfully?
Even if end users can complete this fix successfully, how long will it take to complete this process on millions of computers worldwide?
Regardless, it will take a while to get everything back up.
I spent 38 years in IT support, I’ve seen some major screwups that took down large portions of major networks, this is either a major screwup or a massive cyber-attack, personally I don’t believe in coincidences.
Yep, my team is applying that fix now... just grabbed some caffeine... it’s gonna be a day....
Thanks:
Similarly:
“C:\Windows\System32\drivers\CrowdStrike directory”
Don’t have that directory on my work laptop, nothing at work seems to be down. I am fairly sure we do not push out bleeding edge updates.
There is no CrowdStrike directory in my C:\Windows\System32\drivers\ (W/11, 23h2), while I also usually delay updates for 5 weeks. And prevent some. Thank God, no issues.
Yep... It’s not hard to do, but now consider how many people barely know how to turn their machines ON...
My company’s help desk has an all hands “help us” alert out.
Thankfully, most of our clients went with SentinelOne over CrowdStrike... but we still have a few.
They’ve turned Windows into a toy operating system.