Australian technology news, reviews, and guides to help you

Faulty Crowdstrike patch takes out the world of Windows, what you can do

A faulty piece of software has managed to take out a lot of Windows computers around the world. What happened, and what can you do to fix things?

It’s been quite a Friday, but you may want to spare a thought for all the tech teams who are going to be burning the midnight oil making sure computers go back to normal.

The late afternoon of Friday, July 19 2024 will likely be remembered by anyone with a Windows computer for some time as “the day everything stopped working”. And that’s because it was the day when everything literally stopped working.

Not so much a victim of scams or any other security issue, Windows users across the world including Australia may have seen their machines fail, as a blue screen with an old-school sad face popped up informing them that things weren’t working.

Initial expectations were that this was a problem with Microsoft’s Azure servers, especially given Microsoft had issues with that system earlier that day, grounding some flights in the US and affecting Microsoft 365.

However, as more investigation occurred, another likely culprit emerged.

“We’re aware of an issue affecting Windows devices due to an update from a third-party software platform. We anticipate a resolution is forthcoming,” a Microsoft spokesperson told Pickr.

While Microsoft had its fair share of problems earlier in the day, the massive outage affecting Windows worldwide wasn’t its problem. Rather, it came from an external security solution.

Windows computers with the Crowdstrike security sensor built-in received a faulty file, which in turn caused Windows to fail, delivering a Blue Screen of Death to users.

The dreaded “Blue Screen” or “BSOD” is a sign that something in Windows isn’t working, and often relates to a failure somewhere that can be fixed. It might be memory, a failing hard drive, or a driver issue, the latter of which is often able to be diagnosed and then fixed.

The good news is that in this case, that’s what has happened. The bad news is that depending on the situation you’re in, you may need to get your hands dirty to fix things.

If you missed out on all the drama and you switch your machine on with Crowdstrike’s technology installed, you should be fine. The patch has been rolled out, and your computer should emerge unscathed.

However, if you have an affected computer and you’re currently seeing a Blue Screen, you have a limited assortment of options.

The obvious way: Talk to a tech specialist

Ultimately, the easiest way is to talk to a tech specialist, particularly if you have one employed by the company that supplies your laptop to you.

For some people, this will mean awaiting a call or message, and having that tech person do what they do best: fixing things, likely by physically making changes to your computer, or holding your hand through some of the next steps.

The easy way: Restart your computer

If you’re seeing a Windows Blue Screen, and you’re trying to do anything you can to go back to the way your computer should be, try restarting.

Crowdstrike has deployed a fix for the issue, which should mean that machines that missed out on the Friday afternoon debacle will be allowed to skip any problems. However, it could also mean a reboot sees those issues go away.

Maybe.


The hard way: Safe Mode

We say “maybe” because while a restart could allow Windows to connect and download a patched driver, it’s also entirely possible that it won’t, and you’ll need to get your hands dirty.

Crowdstrike has already offered a would-be solution asking users to delete a driver in a folder of Windows, but what does this even mean?

Safe Mode is a cut-back version of Windows that has been around since Windows 95. It runs with some features switched off, and serves as a way for technicians and experts to diagnose (and fix) potential problems.

Crowdstrike’s suggestion to load Windows Safe Mode means going in and doing exactly that: instead of expecting Windows to resolve the situation automatically, you’re deleting the problematic file while Windows runs in a sort of lite mode.

So how do you do it?

Load up Windows Safe Mode

Shut your computer down. When you turn it back on, almost immediately, start holding down either F8 or F11 on your keyboard and don’t stop until Safe Mode launches.

Since its creation, pressing F8 repeatedly during Windows start up has been the way to launch Safe Mode, but with recent versions of Windows, manufacturers use either F8 or F11. Try F11 first, and if that doesn’t work, switch to F8.

Another way of loading into Safe Mode is to force shut down a computer using your physical power key, and then run a few more power cycles to get into the system troubleshooting screen.

Alternatively, if you’re able to log into Windows before the Blue Screen hits you, hold down the Shift key as you select “Restart” in the power feature. That should also reboot the machine into Safe Mode.

Clearly, there are a few ways to get into Safe Mode, and they’ll vary based on the computers and setups out in the world.

Follow the Crowdstrike directions

This all might seem daunting, but it’s a process you can do. Once you’ve found your way into Safe Mode, you’re halfway there. From here, you’ll be asked to delete something, which can make people just as cautious.

Once you’re in Safe Mode, you can follow Crowdstrike’s directions to clean that dodgy driver from your system:

  1. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
  2. Locate the file matching “C-00000291*.sys”, and delete it.
  3. Boot the host normally.

Those steps might seem a little difficult by themselves, so we’re going to translate them into a process anyone can understand.

Once you’re in Windows Safe Mode:

  1. Press Windows+R to load the run command
  2. Type in “C:\Windows\System32\drivers\CrowdStrike” without the quotes
  3. Hit enter and have the folder load
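  4. Find the file whose name starts with “C-00000291” and ends in “.sys” (the * in C-00000291*.sys stands for whatever characters come in between)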
  5. Delete it
  6. Restart your computer into regular Windows

Without the broken file, Windows should be restored to its regular ways of working, but you’ll need to restart the computer first.

Do that, and Windows should come back. Restart and everything should be fine once again.
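
For technicians who would rather script the deletion than click through it, here are the same steps as an added PowerShell example. It is not CrowdStrike's own tooling and not part of the original guide, and the function name `Remove-FaultySensorFile` is hypothetical. It assumes an administrator PowerShell prompt in Safe Mode, and it only lists what it finds unless `-Delete` is given.

```powershell
# Added example, not CrowdStrike's own tooling. Function name is hypothetical.
# The folder and file pattern are the ones quoted in the steps above.
function Remove-FaultySensorFile {
    param(
        [string]$DriverDir = 'C:\Windows\System32\drivers\CrowdStrike',
        [string]$Pattern   = 'C-00000291*.sys',
        [switch]$Delete    # without -Delete the function only lists matches
    )

    if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
        Write-Output "Folder not found: $DriverDir"
        return
    }

    # -File skips sub-folders; -Force also shows hidden or system files.
    $found = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File -Force)
    if ($found.Count -eq 0) {
        Write-Output "No file matching $Pattern in $DriverDir. Nothing to delete."
        return
    }

    # Show exactly what matched before anything is removed.
    $found | Select-Object Name, Length, LastWriteTime | Format-Table -AutoSize | Out-Host

    if (-not $Delete) {
        Write-Output 'Dry run only. Run again with -Delete to remove the file(s) above.'
        return
    }

    foreach ($file in $found) {
        try {
            Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
            Write-Output "Deleted $($file.FullName)"
        } catch {
            Write-Output "Could not delete $($file.FullName): $($_.Exception.Message)"
        }
    }

    # Confirm nothing matching the pattern is left, then reboot normally.
    $left = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File -Force)
    if ($left.Count -eq 0) {
        Write-Output 'No matching files remain. Restart into regular Windows.'
    } else {
        Write-Output "$($left.Count) matching file(s) remain. Check permissions and retry."
    }
}

Remove-FaultySensorFile            # list matches only
# Remove-FaultySensorFile -Delete  # actually delete them
```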

Will big businesses see their computers fixed, too?

While folks at home can run through these steps, larger businesses may have other issues. Computers in airports, shopping centres, and desktops found in larger businesses tend to fall under the category of “managed services”, and that’s the domain of the tech teams commonly referred to as the IT teams.

Furthermore, on those computers it may be more difficult to reach the power controls, a keyboard, and subsequently Safe Mode.

Think of it like this: when was the last time you saw a keyboard attached to a Woolies self-checkout terminal?

For many systems, IT teams will likely be working over the coming days to return computers and terminals back to where they need to be, which may also mean waiting some time until all affected computers are back to the way they were before this whole mess started.

That could be hours, and it could also be days. This may take time, so just be patient.
