CrowdStrike issue impacting Windows endpoints causing an error message on a blue screen
Updated on July 20, 2024: Microsoft has released KB5042426, which contains step-by-step guidance for Windows Servers hosted on-premises that are running the CrowdStrike Falcon agent and encountering a 0x50 or 0x7E error message on a blue screen. Microsoft will continue to work with CrowdStrike to provide the most up-to-date information available on this issue.
A new USB Recovery Tool is available to help IT admins expedite the repair process. The new tool can be found in the Microsoft Download Center. Read more about the new recovery tool and usage instructions at New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints.
Updated on July 19, 2024: A new Knowledge Base article, KB5042421, with additional step-by-step guidance is now available for Windows 11 and Windows 10 clients. Microsoft will continue to work with CrowdStrike to provide up-to-date mitigation information as it becomes available.
Microsoft has identified an issue impacting Windows endpoints that are running the CrowdStrike Falcon agent. These endpoints may encounter an error message on a blue screen and experience a continual restarting state.
Microsoft has received reports of successful recovery from some customers attempting multiple restart operations on affected Windows endpoints.
To mitigate this issue, follow these steps:
- Start Windows into Safe Mode or the Windows Recovery Environment.
- Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
- Locate the file matching “C-00000291*.sys” and delete it.
- Restart the device.
- Recovery of systems requires a BitLocker key in some cases.
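
The mitigation steps above as a PowerShell script for an elevated Safe Mode session. This is an added example, not Microsoft's or CrowdStrike's tooling. The directory and file pattern come from the steps; checking every drive letter, the `-WhatIf` dry run and the summary table are assumptions added here.

```powershell
#Requires -RunAsAdministrator
# Added example: removes the channel file named in the mitigation steps.
# Save as a script and run with -WhatIf first to preview what would be deleted.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Both defaults are taken from the mitigation steps on this page.
    [string]$Pattern = 'C-00000291*.sys',
    [string]$RelativeDir = 'Windows\System32\drivers\CrowdStrike'
)

# Assumption: the Windows volume is not always mounted as C:, so every
# file-system drive is checked for the CrowdStrike driver directory.
$dirs = Get-PSDrive -PSProvider FileSystem |
    ForEach-Object { Join-Path $_.Root $RelativeDir } |
    Where-Object { Test-Path -LiteralPath $_ -PathType Container }

if (-not $dirs) {
    # A locked BitLocker volume is not readable until it is unlocked
    # with its recovery key, so the directory will not be found.
    Write-Warning "No '$RelativeDir' directory found on any mounted drive."
    return
}

$removed = foreach ($dir in $dirs) {
    $files = Get-ChildItem -LiteralPath $dir -Filter $Pattern -File -Force
    if (-not $files) {
        Write-Host "No file matching $Pattern in $dir"
        continue
    }
    foreach ($file in $files) {
        # ShouldProcess honours -WhatIf and -Confirm.
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete')) {
            Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
            # Record what was removed for the change log.
            [pscustomobject]@{
                Path         = $file.FullName
                LastWriteUtc = $file.LastWriteTimeUtc
                Bytes        = $file.Length
            }
        }
    }
}

$removed | Format-Table -AutoSize
if ($removed) { Write-Host 'Restart the device to complete the mitigation.' }
```
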
For Windows Virtual Machines running on Azure, follow the mitigation steps in Azure status.
Additional details from CrowdStrike are available here: Statement on Windows Sensor Update – CrowdStrike Blog.