- CrowdStrike fault update to its Falcon Sensor driver to blame for the Blue Screen of Death on Windows systems.
- The company has already fixed the problem and is working with customers to get them back online quickly.
- You can also use a workaround to fix the BSoD issue on Windows 11 and 10 computers, which must be done through Safe Mode.
UPDATED 7/22/2024: On Windows 11 (or 10), if your organization uses the cybersecurity company CrowdStrike and your computer crashes with a Blue Screen of Death (BSoD) noting the error 0x50 or 0x7E, you can use these instructions to get the device back up and running quickly.
What was the cause of the CrowdStrike outage?
As part of a routine deployment, the cybersecurity company recently made available a driver update for its Falcon Sensor, which is the core component of its Falcon platform, acting as a lightweight agent that provides essential security functionalities for devices, but after the deployment, many computers started to render a blue screen with the 0x50 or 0x7E error message that caused computers to reboot in a loop.
The biggest problem is that this system is used by more than half of Fortune 500 companies and caters to various sectors, including finance, government, healthcare, education, and more, and this buggy update ended up causing a worldwide disruption.
Once CrowdStrike became aware of the issue, it quickly began investigating and discovered that this problem only affected Windows computers. A fix became available hours later, but not before causing problems in banks, airlines, emergency systems, and more worldwide. (You can watch the CrowdStrike CEO statement here.)
Although a fix has already been issued, if you have a computer crashing with a blue screen (or “bugcheck”) due to this faulty update, CrowdStrike has also provided a workaround to prevent the BSoD from continuing to happen. Even though this was not a thing from Microsoft, the software giant also published some guidance on how to fix this issue, which basically included the same steps CrowdStrike offered.
According to Microsoft, more than 8.5 million Windows devices were affected by the CrowdStrike faulty update. Although this is a big number, it represents less than one percent of computers running Windows worldwide. However, the economic and social impact was very significant.
Does the CrowdStrike outage affect personal computers?
No, if you use a computer in your home or small office, you probably don’t use CrowdStrike software, meaning you haven’t been affected by this global issue.
What’s CrowdStrike?
CrowdStrike is a well-known cybersecurity company based in the United States that was co-counted in 2011. The company’s main focus is protecting organizations from cyber threats (such as data breaches and hacker attacks) through a cloud-delivered platform called Falcon.
CrowdStrike’s service provides real-time monitoring with AI and ML (machine learning) to give companies a fighting chance against online threats.
In this guide, I will explain the steps to fix the 0x50 or 0x7E error message on a blue screen on Windows 11 and Windows 10.
Fix CrowdStrike Blue Screen of Death (BSoD) on Windows
To resolve the blue screen error that resulted from the CrowdStrike driver update, use these steps:
-
Shut down the computer (if applicable).
-
Start the computer to allow the system to download the permanent fix.
-
If no Blue Screen of Death appears, continue using your computer. The problem is fixed, and you don’t need to do anything else. Otherwise, continue with the steps.
-
Force shut down the computer by pressing and holding the power button.
-
Start the computer again by pressing the power button, and as soon as the Windows logo appears, force shut down the computer again by pressing and holding the power button.
-
Repeat step 5 once or twice until the device boots into the Windows Recovery Environment (WinRE).
-
Click the Advanced Startup option.
-
Click the Troubleshoot option.
-
Click on Advanced options.
-
Click the Startup Settings option.
-
Click the Restart button.
-
After your computer reboots, press the F5 (or 5) key to select the “Enable Safe Mode with Networking” option.
Quick tip: You can use these instructions to learn more ways to access your computer in Safe Mode. -
Sign in to your account.
-
Open Start.
-
Search for Command Prompt, right-click the top result, and select the Run as administrator option.
-
Type the following command to access the CrowdStrike folder and press Enter:
cd C:\windows\system32\drivers\CrowdStrike
-
Type the following command to delete the buggy Falcon Sensor CrowdStrike files and press Enter:
del C-00000291*.sys
-
Restart the computer.
Once you complete the steps, the computer should start normally.
In addition to the permanent fix to this problem and the workaround to resolve this issue manually, CrowdStrike has also started a Reddit thread with more up-to-date information about this incident.
Fix for devices with BitLocker encryption
If you have a device with BitLocker encryption, Reddit user HammerSlo suggests a solution that seems to be working, which includes cycling through the blue screen until you get the recovery screen. In the Windows Recovery Environment (WinRE), navigate to Troubleshoot > Advanced Options > Startup Settings, and click the “Restart” button. Then, skip the first Bitlocker recovery key prompt by pressing the “Esc” key, and then skip the second Bitlocker recovery key prompt by selecting “Skip This Drive” in the bottom right.
After that, navigate to Troubleshoot > Advanced Options > Command Prompt, and run the bcdedit /set {default} safeboot minimal
command and press Enter.
On WinRE’s main menu, click the “Continue” option. This action may cycle two or three times. If you booted into Safe Mode, sign in with your account credentials.
While in Safe Mode, open File Explorer, open the C:\Windows\System32\drivers\Crowdstrike
path and delete the files that start with C-00000291*. sys
.
Finally, open Command Prompt (admin) and run the bcdedit /deletevalue {default} safeboot
command, and restart the computer.
Microsoft recovery tool to fix CrowdStrike issue
In addition to the resolution from CrowdStrike, Microsoft has also released a tool that network administrators can use to create USB bootable media to speed up the recovery process for the affected system.
To use the Microsoft Recovery Tool to resolve the CrowdStrike blue screen problem, use these steps:
-
Click and download the Microsoft Recovery Tool from the Download Center.
-
Extract the Zip file containing the PowerShell script.
-
Open Start.
-
Search for PowerShell, right-click the top result, and choose the Run as administrator option.
-
Type the following command to navigate to the directory with the script files and press Enter:
cd c:\path\to\recovery\tools\files
-
Type the following command to run the PowerShell script and press Enter:
& "MsftRecoveryToolForCS.ps1"
Quick note: If you can’t run the script, you may need to change the PowerShell execution policy. -
The ADK download and install will start and may take several minutes to complete.
-
You will be prompted to select a driver directory for image import optionally. Microsoft recommends you select “N” to skip this step. Some devices may need specific keyboards or mass storage drivers. However, “N” is sufficient for most devices.
Quick note: The tool will recursively import any SYS and INI under the specified directory. -
Insert the USB drive when prompted and provide the drive letter.
-
Once the USB creation is complete, remove the USB from the computer.
Once you complete the steps, you can choose to proceed to repair the device from the Windows Recovery Environment (Advanced Startup) or through Safe Mode.
Method 1: Recovery from Advanced Startup
-
Connect the USB flash drive to a device with the CrowdStrike blue screen.
-
Reboot the computer.
-
During restart, press the “F12” key (or follow manufacturer-specific instructions for booting to BIOS).
-
From the BIOS boot menu, choose Boot from USB and continue.
-
The PowerShell script will run automatically.
-
If BitLocker is enabled, the user will be prompted to use the BitLocker recovery key. When entering, include the dashes for the BitLocker recovery key.
-
The script will run to fix the CrowdStrike Blue Screen of Death.
Method 2: Recovery from Safe mode
-
Connect the USB flash drive to a device with the CrowdStrike blue screen.
-
Reboot the computer.
-
During restart, press the “F12” key (or follow manufacturer-specific instructions for booting to BIOS).
-
From the BIOS boot menu, choose Boot from USB and continue.
-
The tool will run, and the following message will appear: “This tool will configure this machine to boot in safe mode. WARNING: In some cases, you may need to enter a BitLocker recovery key after running.”
-
Press any key to continue, and the following message appears: “Your PC is configured to boot to Safe Mode now.”
-
Press any key to continue, and the computer will start in Safe Mode.
-
Run the “repair.cmd” batch file from the root of the USB flash drive to remediate the CrowdStrike blue screen problem, and the following message appears: “This tool will remove impacted files and restore normal boot configuration. WARNING: You may need a BitLocker recovery key in some cases. WARNING: This script must be run in an elevated command prompt.”
-
Press any key to continue, the repair will be applied, and the normal boot flow will be restored.
-
Once successful, you will see the following message: “Success. System will now reboot.”
-
Press any key to continue, and the device will reboot normally.
Once you complete the steps, restart the computer to start Windows 11 or 10 normally.
If you have an affected Windows installation on a Hyper-V virtual machine, or it’s not possible to boot a device from USB, Microsoft is also providing the instructions to recover virtual machines or use PXE Recovery to repair affected systems.
Update July 22, 2024: This guide has been updated to ensure accuracy and reflect changes to the process.