A security error made Windows PCs around the world cause a global tech outage, but there is a temporary fix
CrowdStrike confirmed their update caused the outage.
3 min. read
Published on
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
Picture this: you’re having your morning coffee, prepared to begin the day with a burst of work, and suddenly, your computer screen turns blue. It’s not simply any blue, though; it is what everyone fears – the Blue Screen of Death (BSOD).
Now multiply that annoyance by thousands, even millions, as an unsuccessful security update from CrowdStrike causes Windows PCs around the globe to go haywire with crashes and boot loops in a worldwide outage. This recent nightmare scenario has disrupted companies of all sizes, from large banks and airlines to small TV channels.
The cause was a cyber attack. A faulty update led to Windows PCs crashing and displaying a blue screen and the mysterious error code csagent.sys (PAGE_FAULT_IN_NONEPAGED_AREA), in a global outage.
The cybersecurity giant Crowdstrike swiftly acknowledged the error and reversed the update. But it was too late—machines that had already experienced the update were now broken down and couldn’t function well anymore.
One hopeful Reddit thread proposed a solution: start the system in Safe Mode and remove a certain file from the CrowdStrike directory. It sounds simple, but it becomes difficult to do this on many machines – maybe hundreds or even more.
CrowdStrike Engineering has identified a content deployment related to this issue and reverted those changes.
Workaround Steps:
Reddit user
- Boot Windows into Safe Mode or the Windows Recovery Environment
- Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
- Locate the file matching “C-00000291*.sys”, and delete it.
- Boot the host normally.
The mess was not confined to one place; it spread worldwide. Businesses from Malaysia to the UK reported big problems. Sky News had to apologize for stopped broadcasts, and Ryanair had to deal with flight delays. Even the US Federal Aviation Administration confirmed this problem, stating that flights from big airlines were halted because of it.
Reports say banks in Australia were affected, and many companies there reported that their devices were suddenly offline. As working hours started to happen in Europe, companies reported the same issue, with many airports and hospitals experiencing it. Even more, the Windows PC outage has heavily impacted airports in Alaska and India.
George Kurtz, CEO of Crowdstrike, posted on X:
CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.
George Kurtz
The entrepreneur says that the issue is not a security incident or a cyberattack but a bug, which will be fixed. However, dealing with affected devices will be a long day for IT admins.
On Reddit, there are already several workarounds that IT admins can try, and we have gathered them all in this article.
Developing story…
User forum
0 messages