Update on 22 July 2024
CrowdStrike has released additional technical advice to support those who may be experiencing remediation difficulties due to BitLocker implementations.
Users and administrators of affected systems are encouraged to review CrowdStrike’s BitLocker guidance, which is available at the Falcon Content Update Remediation and Guidance Hub.
***
CrowdStrike has released information regarding a temporary workaround for systems affected by a recent update to their CrowdStrike Falcon Sensor. Users of affected systems have reported experiencing a Blue Screen of Death (BSOD) error.
Users and administrators of affected systems can take the following steps to circumvent this issue:
1. Boot Windows into Safe Mode or the Windows Recovery Environment.
2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
3. Locate the file matching the pattern "C-00000291*.sys" and delete it.
4. Boot the host normally.
Users and administrators of affected systems within a public cloud or similar environment (including virtual environments) can either roll back to a snapshot before 0409 UTC, or take the following steps to circumvent this issue:
1. Detach the operating system disk volume from the impacted virtual server.
2. Create a snapshot or backup of the disk volume before proceeding further as a precaution against unintended changes.
3. Attach/mount the volume to a new virtual server.
4. Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory.
5. Locate the file matching "C-00000291*.sys" and delete it.
6. Detach the volume from the new virtual server.
7. Reattach the fixed volume to the impacted virtual server.
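The locate-and-delete step from both procedures above, as an added PowerShell example (not CrowdStrike's tooling) for use in Safe Mode or on the new virtual server. The function name `Remove-ChannelFile291` and the `-VolumeRoot` parameter are hypothetical. On a repair server the attached disk appears under its own drive letter, so the path is built from that letter rather than from the repair server's own `%WINDIR%`.

```powershell
# Added example, not vendor code. Function and parameter names are hypothetical.
function Remove-ChannelFile291 {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Root of the Windows volume being repaired: 'C:\' in Safe Mode,
        # or the drive letter assigned to the attached disk on a repair server.
        [Parameter(Mandatory = $true)]
        [string]$VolumeRoot
    )

    $dir = Join-Path -Path $VolumeRoot -ChildPath 'Windows\System32\drivers\CrowdStrike'
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        throw "CrowdStrike driver directory not found: $dir"
    }

    # Match only the pattern named in the advisory; other files are left alone.
    $targets = @(Get-ChildItem -LiteralPath $dir -Filter 'C-00000291*.sys' -File -Force)
    if ($targets.Count -eq 0) {
        Write-Warning "No file matching C-00000291*.sys in $dir"
        return
    }

    foreach ($file in $targets) {
        # Emit a record of each file before removal, for the incident log.
        [pscustomobject]@{
            Path         = $file.FullName
            Length       = $file.Length
            LastWriteUtc = $file.LastWriteTimeUtc
            SHA256       = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        }
        # Honors -WhatIf and -Confirm, so the deletion can be previewed first.
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete')) {
            Remove-Item -LiteralPath $file.FullName -Force
        }
    }
}

# Example invocation (constructed drive letter F: for an attached disk):
#   Remove-ChannelFile291 -VolumeRoot 'F:\' -WhatIf   # preview only
#   Remove-ChannelFile291 -VolumeRoot 'F:\'           # delete
```

Run it with `-WhatIf` first and keep the emitted records with the snapshot taken in step 2.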
CrowdStrike has acknowledged that this is a technical issue and advised users to follow the outlined steps. They will also be updating their support portal with the latest information and recommendations.
More information is available here:
https://azure.status.microsoft/en-us/status
https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/
https://x.com/George_Kurtz/status/1814235001745027317
https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/