Reports of boot issues affecting Windows systems with CrowdStrike security software installed have caused concern in the IT community and chaos for businesses worldwide. While CrowdStrike has now addressed the problem, many IT professionals found themselves scrambling to find the cause (and now solutions) in the interim. During this time, several Cimcor users reported successfully leveraging CimTrak to identify and understand these issues.
Our Senior Engineer, Justin Chandler, has shared a temporary workaround:
- Boot the affected system in Safe Mode or Recovery Mode
- Navigate to C:\Windows\System32\Drivers\Crowdstrike
- Locate the driver file matching the pattern "C-00000291*.sys"
- Delete this file
- Reboot the system
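
The steps above as a PowerShell script, added here as an example (it is not Cimcor's or CrowdStrike's code). It assumes an elevated PowerShell prompt in Safe Mode; the parameter names and the report path are hypothetical. Before deleting, it records each matching file's size, timestamp and SHA-256 so the change can be audited later.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    # Directory and file pattern exactly as given in the workaround steps.
    [string]$DriverDir = (Join-Path $env:SystemRoot 'System32\Drivers\Crowdstrike'),
    [string]$Pattern = 'C-00000291*.sys',
    # Hypothetical location for the record of what was removed.
    [string]$ReportPath = (Join-Path $env:SystemRoot 'Temp\C-00000291-removed.csv')
)

if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
    Write-Error "Directory not found: $DriverDir"
    return
}

# Match only regular files; -Force also picks up hidden or system files.
$targets = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File -Force)
if ($targets.Count -eq 0) {
    Write-Output "No files matching $Pattern in $DriverDir; nothing to do."
    return
}

# Capture evidence first: once the file is gone this is the only record of it.
$record = foreach ($file in $targets) {
    [pscustomobject]@{
        Path             = $file.FullName
        Length           = $file.Length
        LastWriteTimeUtc = $file.LastWriteTimeUtc.ToString('o')
        SHA256           = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    }
}
$record | Export-Csv -LiteralPath $ReportPath -NoTypeInformation
$record | Format-Table -AutoSize

# Delete each match; -WhatIf on the script turns this into a dry run.
foreach ($file in $targets) {
    if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete')) {
        Remove-Item -LiteralPath $file.FullName -Force
    }
}

# The final step of the workaround (reboot) is left to the operator.
```

Running it with `-WhatIf` first lists the files that would be removed without deleting anything or writing the report.
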
CimTrak played a crucial role in the investigation process for many of our users. One reported that CimTrak detected multiple engineer workstations going offline unexpectedly around 1-1:30 AM. Upon closer inspection, CimTrak logs revealed a series of CrowdStrike driver changes occurring immediately before the systems went offline, specifically involving the C-00000291 driver.
While CimTrak's restore features couldn't be utilized due to the boot failure, the detailed logs provided invaluable insights into the timing and nature of the changes, enabling users to conduct further research and work towards resolving the issue.
CrowdStrike has since acknowledged and addressed the problem. Taking to X for comment, CrowdStrike CEO George Kurtz stated, "CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website."
— George Kurtz (@George_Kurtz) July 19, 2024
This incident underscores the importance of comprehensive system monitoring and change detection in maintaining IT infrastructure health and quickly identifying the source of critical issues. We're proud that CimTrak continues to be a valuable tool for IT professionals in quickly diagnosing and addressing complex system problems.
As always, we recommend keeping all your software up to date and following vendor-provided guidelines for addressing known issues. For those affected by this specific CrowdStrike issue, please refer to their official support channels for the most up-to-date information and resolution steps.
July 19, 2024