A recent CrowdStrike Falcon sensor update is causing significant disruptions for Windows users worldwide, pushing machines into blue screen of death (BSOD) loops and rendering systems inoperable.
The issue, which began on July 19, 2024, affects Windows 10 and 11 systems running CrowdStrike’s endpoint security software. Users report experiencing repeated BSODs with the error message “DRIVER_OVERRAN_STACK_BUFFER,” which prevents normal system boot and operation.
CrowdStrike has acknowledged the problem, stating they are “aware of reports of crashes on Windows hosts related to the Falcon Sensor” and that their engineering teams are working to resolve the issue.
The company advises affected users not to open individual support tickets at this time. The update's impact has been particularly severe for enterprise customers, with some organizations reporting that thousands of devices, including critical production servers and SQL nodes, have been affected.
IT departments are scrambling to mitigate the damage, with some resorting to removing CrowdStrike-related files from affected systems to restore functionality.
This incident highlights the potential risks associated with automatic updates for security software, especially in enterprise environments. Many affected users are now calling for more rigorous testing procedures and the implementation of staged rollout policies to prevent similar incidents in the future.
As the situation develops, CrowdStrike is expected to provide further updates and a permanent fix for the issue. In the meantime, affected users are advised to monitor official CrowdStrike communication channels for guidance on recovery procedures and temporary workarounds.
How to Check Whether Your CrowdStrike Sensor Version Is Affected by the BSOD Issue
Identify your sensor version:
Boot into Safe Mode and check the CrowdStrike Falcon sensor version installed on your system. The problematic update seems to be affecting various sensor versions, including version 6.58.
Check the installation date:
Look at the installation date of the CrowdStrike Falcon sensor. If it coincides with the onset of BSOD issues (around July 19, 2024), it’s likely to be the cause.
Look for specific error messages:
The BSOD error associated with this issue is “DRIVER_OVERRAN_STACK_BUFFER”. If you’re seeing this error, your system is likely affected.
Possible Workarounds
Boot Windows into Safe Mode or the Windows Recovery Environment
Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
Locate the file matching “C-00000291*.sys”, and delete it.
Boot the host normally.
Please note these workarounds are not fully verified; we are awaiting updates on this.
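The workaround steps above, written as a PowerShell script to run from an elevated prompt in Safe Mode; this is an added example, not code from CrowdStrike or from the original article. The `-SystemDrive` and `-Remove` parameter names are chosen here for illustration, and the script only reports matching files unless `-Remove` is given.

```powershell
# Added example: locate (and optionally delete) the file named in the workaround.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    # Drive letter of the Windows volume. Assumption: defaults to C:, but a
    # repaired or offline volume may be mounted under a different letter.
    [string]$SystemDrive = 'C:',

    # Without this switch the script is read-only and just lists matches.
    [switch]$Remove
)

# Directory and file pattern exactly as given in the workaround steps.
$dir     = Join-Path $SystemDrive 'Windows\System32\drivers\CrowdStrike'
$pattern = 'C-00000291*.sys'

if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
    Write-Warning "Directory not found: $dir"
    return
}

# -Force includes hidden/system files; -File skips subdirectories.
$found = @(Get-ChildItem -LiteralPath $dir -Filter $pattern -File -Force)
if ($found.Count -eq 0) {
    Write-Output "No file matching $pattern in $dir"
    return
}

# Timestamps can be compared with the onset of the crashes (around July 19, 2024).
$found | Select-Object Name, Length, LastWriteTime | Format-Table -AutoSize

if ($Remove) {
    foreach ($f in $found) {
        # Honors -WhatIf and prompts for confirmation before each deletion.
        if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete')) {
            Remove-Item -LiteralPath $f.FullName -Force
            Write-Output "Deleted $($f.FullName)"
        }
    }
}
```

Running it first without `-Remove`, or with `-Remove -WhatIf`, shows what would be deleted before anything is changed.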
The post Latest CrowdStrike Update Pushing Windows Machines Into a BSOD Loop appeared first on Cyber Security News.