Just a quick update: Reports are currently doing the rounds that airports such as BER, broadcasters and many others are unable to operate because their servers have crashed with a blue screen. The culprit is a CrowdStrike security update.
CrowdStrike is a security solution for Windows Server that is widely used around the world. The company is aware of this problem and already offers a solution. In safe mode, csagent.sys can be renamed to csagent.sys.old from the command prompt:
ren csagent.sys csagent.sys.old
or the CrowdStrike driver folder itself is renamed.
Another workaround:
- Boot Windows in Safe Mode or Windows Recovery Environment
- Navigate to the directory C:\Windows\System32\drivers\CrowdStrike
- Find the files matching C-00000291*.sys and delete them.
- Then boot normally again
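
The workaround above as a script, shown here as an added example that is not CrowdStrike's or Microsoft's own tooling. It assumes an elevated PowerShell prompt in Safe Mode and Windows installed on C: (the -WindowsRoot and -Delete parameters are names chosen for this example); by default it only lists the matching files.

```powershell
# Added example: list and optionally delete the files named in the workaround.
param(
    # Assumption: Windows lives on C:. Pass another root if the OS volume
    # is mounted under a different drive letter.
    [string]$WindowsRoot = 'C:\Windows',
    # Without -Delete the script is a dry run and changes nothing.
    [switch]$Delete
)

$driverDir = Join-Path $WindowsRoot 'System32\drivers\CrowdStrike'
$pattern   = 'C-00000291*.sys'

if (-not (Test-Path -LiteralPath $driverDir -PathType Container)) {
    Write-Error "CrowdStrike driver directory not found: $driverDir"
    exit 1
}

# -File keeps directories out of the result; -Force includes hidden files.
$targets = @(Get-ChildItem -LiteralPath $driverDir -Filter $pattern -File -Force)
if ($targets.Count -eq 0) {
    Write-Output "No files matching $pattern in $driverDir; nothing to do."
    exit 0
}

# Record name, size and timestamp before touching anything (for incident notes).
$targets | Select-Object Name, Length, LastWriteTimeUtc | Format-Table -AutoSize

if (-not $Delete) {
    Write-Output "Dry run: $($targets.Count) file(s) would be deleted. Re-run with -Delete."
    exit 0
}

foreach ($file in $targets) {
    try {
        Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
        Write-Output "Deleted $($file.FullName)"
    } catch {
        Write-Warning "Could not delete $($file.FullName): $($_.Exception.Message)"
    }
}

# Confirm nothing matching the pattern is left before booting normally.
$left = @(Get-ChildItem -LiteralPath $driverDir -Filter $pattern -File -Force)
if ($left.Count -gt 0) {
    Write-Error "$($left.Count) matching file(s) remain in $driverDir"
    exit 1
}
Write-Output 'All matching files removed. Boot normally again.'
```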
George Kurtz (President of CrowdStrike) has also left a message on X (Twitter).
“CrowdStrike is actively working with customers affected by a flaw found in a single content update for Windows hosts. Mac and Linux hosts are not affected. This is not a security incident or cyberattack. The issue has been identified, isolated, and a fix has been deployed. We direct our customers to the Support Portal for the latest updates and will continue to provide full and continuous updates on our website.”
[Update]: The faulty update has now been withdrawn and the previous update has been installed. The situation is now back to normal.
[2. Update]: Meanwhile, there are also official workarounds from CrowdStrike itself. Microsoft has also published a notice about the affected Azure virtual machines.
[3. Update]:
Microsoft today added additional solution options for Azure VMs and also Windows 11 and Windows 10.
Meanwhile, the cause of the error which led to the worldwide “chaos”.
[4. Update]: Microsoft has now also provided a “Microsoft Recovery Tool” as “MsftRecoveryToolForCS.ps1”. You can find the instructions and the download via this link
Microsoft also announced in a statement that about 8.5 million devices, or about 1%, were affected by the incident. 1% is not a lot, but it hit exactly the most important devices in the economy, causing a lot of financial damage.