
The only solution to the 'blue screen of death' may be a manual fix — here's what you can try

Jyoti Mann   

  • A mass IT outage is affecting flights, banks, and supermarkets around the world.
  • James Bore, a cybersecurity expert, told BI there's no remote or automatic solution for the problem.

Airlines, banks, retailers and healthcare providers are experiencing widespread disruptions tied to an IT outage after Microsoft reported problems linked to an issue at cybersecurity firm CrowdStrike.

James Bore, a cybersecurity expert and managing director of Bores Group, told Business Insider the outages appear to have been caused by a tool called Falcon from cybersecurity firm CrowdStrike, which is widely used to protect computers from attacks.

The tool has a corrupted file that is "knocking out computers, putting them into what's known as the 'blue screen of death.'"

Bore said the issue can't be fixed automatically as it requires a manual reboot in "safe mode" and deleting the offending file.

"There is no automated way to do this. There is no way to pull that file back or send out a new update, meaning every computer affected has to have some manual interaction," he said.

Each fix should only take between 30 and 60 seconds, but problems could persist for some time, Bore added.

"It depends on how quickly they can deal with the problem at the source, whether they can pull down that file because the way that modern infrastructure works is likely to be replicated across the world in local servers. For CrowdStrike Falcon to pull it down now, changing that, making sure it's updated, that does take time," he said.

Ian Thornton-Trump, Cyjax's chief information security officer, told BI that what has been done cannot be undone for those blue-screen machines.

"If the machines can be booted in safe mode, they may be able to issue an out-of-band update or patch. That's time-consuming — if the machines are critical, they might actually consider restoring from backup or a shadow copy [a built-in Microsoft recovery feature]."

Microsoft and CrowdStrike didn't immediately respond to requests for comment from Business Insider.

How to try to fix your PC

  1. Bore said the first step is rebooting your computer, which should give a "safe mode" option once it restarts. (You won't have a network connection, and that's intentional.)
  2. Open the File Browser and find where CrowdStrike is installed, probably in a folder called C:\Windows\system32\drivers\Crowdstrike. "Be very careful not to mess with anything else in the system32 folder, as you can cause whole new problems that way," Bore advised.
  3. In the Crowdstrike folder look for a file called C-00000291*.sys — then delete that file and reboot the computer.
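
For administrators who would rather script steps 2 and 3 from a safe-mode PowerShell prompt, the sketch below is an added example, not part of the original article and not code from Bore, Microsoft or CrowdStrike. It uses only the folder and file pattern quoted above, looks in that one folder without recursing, and asks for confirmation before each deletion.

```powershell
# Added example (not from the article). The folder and file pattern are the
# ones the article quotes; everything else here is illustrative.
$driverDir = 'C:\Windows\system32\drivers\Crowdstrike'
$pattern   = 'C-00000291*.sys'

# Windows sets the SAFEBOOT_OPTION environment variable only in safe mode.
if (-not $env:SAFEBOOT_OPTION) {
    Write-Warning 'This session is not in safe mode; step 1 is to reboot into safe mode.'
}

if (-not (Test-Path -LiteralPath $driverDir -PathType Container)) {
    Write-Warning "Folder not found: $driverDir. CrowdStrike may be installed elsewhere."
    return
}

# Match files in this one folder only (no -Recurse), so nothing else
# under system32 can be selected by accident.
$targets = @(Get-ChildItem -LiteralPath $driverDir -Filter $pattern -File)
if ($targets.Count -eq 0) {
    Write-Output "No file matching $pattern in $driverDir; nothing to delete."
    return
}

# Show exactly what was matched before anything is removed.
$targets | Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize

foreach ($file in $targets) {
    # -Confirm prompts for each file; answer N to leave it in place.
    Remove-Item -LiteralPath $file.FullName -Confirm
}

# Re-check so a declined or failed deletion is visible.
$left = @(Get-ChildItem -LiteralPath $driverDir -Filter $pattern -File)
if ($left.Count -eq 0) {
    Write-Output 'Matching file(s) removed. Reboot the computer normally.'
} else {
    Write-Warning "$($left.Count) matching file(s) still present in $driverDir."
}
```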


Microsoft wrote in an X post that users can "restore their Windows 365 Cloud PC to a known good state prior to the release of the update" on July 19 to fix the issue and linked to a guide on how businesses can do so.

In a post on the website of Microsoft's Azure cloud service, the company said it had received reports that switching devices on and off again had worked to restore affected "virtual machines" that run remotely.

However, it warned that users might need to switch their machines on and off again as many as 15 times for this method to work.

Correction: July 22, 2024 — This story has been updated to clarify the path to the folder where CrowdStrike is usually installed.
