Windows
Major Change
Admin impact
July 2024
Summary
Updated on July 22, 2024: Microsoft has released a third mitigation option for the CrowdStrike Falcon agent issue impacting Windows clients and servers. If devices are unable to recover with the two previous options, IT admins can use PXE to remediate. See the revised New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints for detailed instructions on prerequisites and configurations to use PXE Recovery. Updated on July 21, 2024: As a follow-up to the CrowdStrike Falcon agen...
Details
Updated on July 22, 2024: Microsoft has released a third mitigation option for the CrowdStrike Falcon agent issue impacting Windows clients and servers. If devices are unable to recover with the two previous options, IT admins can use PXE to remediate. See the revised New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints for detailed instructions on prerequisites and configurations to use PXE Recovery.
Updated on July 21, 2024: As a follow-up to the CrowdStrike Falcon agent issue impacting Windows clients and servers, Microsoft has released an updated recovery tool with two repair options to help IT admins expedite the repair process. Based on customer feedback, this new release includes a new option for recovery using safe boot, the option to generate ISO or USB, a fix for ADK detection when the Windows Driver Kit is installed, and a fix for the USB disk size check. See the revised New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints for detailed instructions on using the signed Microsoft Recovery Tool.
Updated on July 20, 2024: Microsoft has released KB5042426, which contains step-by-step guidance for Windows Servers hosted on-premises that are running the CrowdStrike Falcon agent and encountering a 0x50 or 0x7E error message on a blue screen. We will continue to work with CrowdStrike to provide the most up-to-date information available on this issue.
A new USB Recovery Tool is available to help IT admins expedite the repair process. The new tool can be found in the Microsoft Download Center. Read more about the new recovery tool and usage instructions at New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints.
Updated on July 19, 2024: A new Knowledge Base article, KB5042421, with additional step-by-step guidance is now available for Windows 11 and Windows 10 clients. We will continue to work with CrowdStrike to provide up-to-date mitigation information as it becomes available.
Microsoft has identified an issue impacting Windows endpoints that are running the CrowdStrike Falcon agent. These endpoints may encounter an error message on a blue screen and experience a continual restarting state.
We have received reports of successful recovery from some customers attempting multiple restart operations on affected Windows endpoints.
To mitigate this issue, follow these steps:
- Start Windows into Safe Mode or the Windows Recovery Environment.
- Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
- Locate the file matching “C-00000291*.sys” and delete it.
- Restart the device.
- Recovery of systems requires a Bitlocker key in some cases.
For Windows Virtual Machines running on Azure follow the mitigation steps in Azure status.
Additional details from CrowdStrike are available here: Statement on Windows Sensor Update - CrowdStrike Blog.
Change History
No change history available
Never Miss a Microsoft 365 Update
Join thousands of IT professionals who rely on DeltaPulse for real-time Microsoft 365 change intelligence, automated notifications, and community insights.