Fix BSOD caused by CrowdStrike
Restoring a computer stuck in blue screen loop caused by CrowdStrike update
Published: 19 Jul 2024
CrowdStrike
What is CrowdStrike?
CrowdStrike is an American cybersecurity company. Founded in 2011 and is today among the biggest in its field and is used by many of the biggest companies in the worldWhat caused the BSOD?
On July 19th 2024, CrowdStrike released a faulty security patch that was automatically rolled out to Windows 8 and newer devices using their security software. Causing many of the devices to crash with BSOD (Blue Screen of Death), while giving stop code PAGE_FAULT_IN_NONPAGED_AREA and then getting stuck in a boot screen loop, not being able to get back into WindowsMac, Linux and older Windows devices are not affected by this issue
Fixing BSOD issue
A fixed file is already released by CrowdStrike, so if you are able to boot into Windows the new file should automatically be retrieved and will have a timestamp of 05:27 UTC or later (good version)If you can't boot into Windows or the computer keeps crashing, then one need to remove the faulty patch file C-00000291-*.sys (timestamp 04:09 UTC is the faulty file)
Removing faulty file
- Boot Windows into Safe Mode or Windows Recovery Environment
- Login to Windows with an account that has admin access
- Once in Windows, navigate to %WINDIR%\System32\drivers\CrowdStrike
- Locate the file matching C-00000291-*.sys (note 291 needs to be in the first section of numbers, not second or third section) and delete it
- Boot the host normally
We understand just trusting steps on a site randomly found on the internet might not always be the easiest thing to do, so you can also check out the official statement from CrowdStrike here [↗]
We sometimes publish affiliate links and these always needs to follow our editorial policy, for more information check out our affiliate link policy