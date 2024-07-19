Multiple companies worldwide are currently forced to suspend their operations due to a faulty cybersecurity update from CrowdStrike. The update is taking down thousands of Windows computers, causing them to boot loop and crash to a blue screen of death with the error message csagent.sys (PAGE_FAULT_IN_NONEPAGED_AREA).

Affected companies include banks, airlines, TV channels, and more, and some of them are forced to halt their jobs almost completely, with most Windows PCs not working due to the Falcon Sensor agent from CrowdStrike, a system that monitors network activity and prevents cyberattacks. One user from Malaysia said on Reddit that 70% of their laptops are not stuck in a boot loop:

Malaysia here, 70% of our laptops are down and stuck in boot, HQ from Japan ordered a company wide shutdown, someone's getting fireblasted for this shit lmao

CrowdStrike has already confirmed the problem and reverted the update. However, the machines that are already affected still cannot operate properly. While IT admins are scratching their heads in attempts to understand what happened and how to resuscitate their computers, a lengthy thread on Reddit suggests deleting a file in the CrowdStrike directory:

Workaround Steps: Boot Windows into Safe Mode or the Windows Recovery Environment Navigate to the C:\Windows\System32\drivers\CrowdStrike directory Locate the file matching “C-00000291*.sys”, and delete it. Boot the host normally.

While booting into Safe Mode and deleting a single file does not sound too hard on a single machine, servicing hundreds of computers, remote devices, and cloud-based service will be quite a chore for IT admins.

Developing...