Impact: Affected systems might restart repeatedly and require recovery operations in order to restore normal use. Originating KB URL: Originating Build: N/A Resolved KB URL: Date Resolved: 2024-08-01T14:06:32.0769397-07:00 All Updates: ------------------------------------------------------ August 05, 2024 21:52 PM Microsoft has identified an issue impacting Windows endpoints which are running the CrowdStrike Falcon agent, developed by CrowdStrike Holdings. Following updates released and delivered by CrowdStrike on July 18, 2024, devices running the Falcon agent may encounter an error message on a blue screen and experience a continual restarting state. Affected systems might restart repeatedly and require recovery operations in order to restore normal use. Updated July 25, 2024: Microsoft released further guidance on Windows resiliency: Best practices and the path forward (https://aka.ms/WindowsResiliency). Read more about how we are working in close cooperation to improve resiliency across the Windows ecosystem and explore best practices you can use to support resiliency in your organization. Updated July 22, 2024: Microsoft has released a third mitigation option for this issue impacting Windows clients and servers. If devices are unable to recover with the two previous options mentioned below, IT admins can use PXE to remediate. See the revised New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints (https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959) for detailed instructions on prerequisites and configurations to use PXE Recovery. Updated July 21, 2024: As a follow-up to the CrowdStrike Falcon agent issue impacting Windows clients and servers, Microsoft has released an updated recovery tool with two repair options to help IT admins expedite the repair process. Based on customer feedback, this new release includes a new option for recovery using safe boot, the option to generate ISO or USB, a fix for ADK detection when the Windows Driver Kit is installed, and a fix for the USB disk size check. See the revised New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints (https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959) for detailed instructions on using the signed Microsoft Recovery Tool (https://go.microsoft.com/fwlink/?linkid=2280386). Updated July 20, 2024: Microsoft has released KB5042426 (https://support.microsoft.com/topic/0d7741f7-aca1-4487-8a54-bd431cb49455), which contains step-by-step guidance for Windows Servers hosted on-premises that are running the CrowdStrike Falcon agent and encountering a 0x50 or 0x7E error message on a blue screen. We will continue to work with CrowdStrike to provide the most up-to-date information available on this issue. A new USB Recovery Tool is available to help IT admins expedite the repair process. The new tool can be found in the Microsoft Download Center (https://go.microsoft.com/fwlink/?linkid=2280386). Read more about the new recovery tool and usage instructions at New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints (https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959). Updated July 19, 2024: A new Knowledge Base article, KB5042421 (https://support.microsoft.com/topic/b1c700e0-7317-4e95-aeee-5d67dd35b92f), with additional step-by-step guidance for Windows 11 and Windows 10 clients is now available. We will continue to work with CrowdStrike to provide up-to-date mitigation information as it becomes available. To mitigate this issue ahead of additional resolution options, you can follow these steps: 1. Start Windows into Safe Mode or the Windows Recovery Environment. 2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory 3. Locate the file matching “C-00000291*.sys” and delete it. 4. Restart the device. 5. Recovery of systems requires a Bitlocker key (https://learn.microsoft.com/windows/security/operating-system-security/data-protection/bitlocker/recovery-process) in some cases. For Windows Virtual Machines running on Azure follow the mitigation steps in Azure status (https://azure.status.microsoft/status). Additional details from CrowdStrike are available here: Statement on Windows Sensor Update - CrowdStrike Blog (https://www.crowdstrike.com/blog/statement-on-windows-sensor-update/). Affected platforms: - Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 22H2; Windows 10, version 21H2; Windows 10 Enterprise LTSC 2019 - Server: Windows Server 2022; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 Click here (https://admin.microsoft.com/Adminportal/Home?#/windowsreleasehealth/:/wrhpreferences) to manage email notifications for Windows known issues ------------------------------------------------------ July 25, 2024 21:25 PM Microsoft has identified an issue impacting Windows endpoints which are running the CrowdStrike Falcon agent, developed by CrowdStrike Holdings. Following updates released and delivered by CrowdStrike on July 18, 2024, devices running the Falcon agent may encounter an error message on a blue screen and experience a continual restarting state. Affected systems might restart repeatedly and require recovery operations in order to restore normal use. Updated on July 25, 2024: Microsoft released further guidance on Windows resiliency: Best practices and the path forward (https://aka.ms/WindowsResiliency). Read more about how we are working in close cooperation to improve resiliency across the Windows ecosystem and explore best practices you can use to support resiliency in your organization. Updated on July 22, 2024: Microsoft has released a third mitigation option for this issue impacting Windows clients and servers. If devices are unable to recover with the two previous options mentioned below, IT admins can use PXE to remediate. See the revised New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints (https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959) for detailed instructions on prerequisites and configurations to use PXE Recovery. Updated on July 21, 2024: As a follow-up to the CrowdStrike Falcon agent issue impacting Windows clients and servers, Microsoft has released an updated recovery tool with two repair options to help IT admins expedite the repair process. Based on customer feedback, this new release includes a new option for recovery using safe boot, the option to generate ISO or USB, a fix for ADK detection when the Windows Driver Kit is installed, and a fix for the USB disk size check. See the revised New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints (https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959) for detailed instructions on using the signed Microsoft Recovery Tool (https://go.microsoft.com/fwlink/?linkid=2280386). Updated on July 20, 2024: Microsoft has released KB5042426 (https://support.microsoft.com/topic/0d7741f7-aca1-4487-8a54-bd431cb49455), which contains step-by-step guidance for Windows Servers hosted on-premises that are running the CrowdStrike Falcon agent and encountering a 0x50 or 0x7E error message on a blue screen. We will continue to work with CrowdStrike to provide the most up-to-date information available on this issue. A new USB Recovery Tool is available to help IT admins expedite the repair process. The new tool can be found in the Microsoft Download Center (https://go.microsoft.com/fwlink/?linkid=2280386). Read more about the new recovery tool and usage instructions at New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints (https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959). Updated on July 19, 2024: A new Knowledge Base article, KB5042421 (https://support.microsoft.com/topic/b1c700e0-7317-4e95-aeee-5d67dd35b92f), with additional step-by-step guidance for Windows 11 and Windows 10 clients is now available. We will continue to work with CrowdStrike to provide up-to-date mitigation information as it becomes available. To mitigate this issue ahead of additional resolution options, you can follow these steps: 1. Start Windows into Safe Mode or the Windows Recovery Environment. 2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory 3. Locate the file matching “C-00000291*.sys”, and delete it. 4. Restart the device. 5. Recovery of systems requires a Bitlocker key (https://learn.microsoft.com/windows/security/operating-system-security/data-protection/bitlocker/recovery-process) in some cases. For Windows Virtual Machines running on Azure follow the mitigation steps in Azure status (https://azure.status.microsoft/status). Additional details from CrowdStrike are available here: Statement on Windows Sensor Update - CrowdStrike Blog (https://www.crowdstrike.com/blog/statement-on-windows-sensor-update/). Affected platforms: - Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 22H2; Windows 10, version 21H2; Windows 10 Enterprise LTSC 2019 - Server: Windows Server 2022; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 ------------------------------------------------------ July 22, 2024 16:07 PM Microsoft has identified an issue impacting Windows endpoints which are running the CrowdStrike Falcon agent, developed by CrowdStrike Holdings. Following updates released and delivered by CrowdStrike on July 18, 2024, devices running the Falcon agent may encounter an error message on a blue screen and experience a continual restarting state. Affected systems might restart repeatedly and require recovery operations in order to restore normal use. Updated on July 22, 2024: Microsoft has released a third mitigation option for this issue impacting Windows clients and servers. If devices are unable to recover with the two previous options mentioned below, IT admins can use PXE to remediate. See the revised New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints (https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959) for detailed instructions on prerequisites and configurations to use PXE Recovery. Updated on July 21, 2024: As a follow-up to the CrowdStrike Falcon agent issue impacting Windows clients and servers, Microsoft has released an updated recovery tool with two repair options to help IT admins expedite the repair process. Based on customer feedback, this new release includes a new option for recovery using safe boot, the option to generate ISO or USB, a fix for ADK detection when the Windows Driver Kit is installed, and a fix for the USB disk size check. See the revised New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints (https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959) for detailed instructions on using the signed Microsoft Recovery Tool (https://go.microsoft.com/fwlink/?linkid=2280386). Updated on July 20, 2024: Microsoft has released KB5042426 (https://support.microsoft.com/topic/0d7741f7-aca1-4487-8a54-bd431cb49455), which contains step-by-step guidance for Windows Servers hosted on-premises that are running the CrowdStrike Falcon agent and encountering a 0x50 or 0x7E error message on a blue screen. We will continue to work with CrowdStrike to provide the most up-to-date information available on this issue. A new USB Recovery Tool is available to help IT admins expedite the repair process. The new tool can be found in the Microsoft Download Center (https://go.microsoft.com/fwlink/?linkid=2280386). Read more about the new recovery tool and usage instructions at New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints (https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959). Updated on July 19, 2024: A new Knowledge Base article, KB5042421 (https://support.microsoft.com/topic/b1c700e0-7317-4e95-aeee-5d67dd35b92f), with additional step-by-step guidance for Windows 11 and Windows 10 clients is now available. We will continue to work with CrowdStrike to provide up-to-date mitigation information as it becomes available. To mitigate this issue ahead of additional resolution options, you can follow these steps: 1. Start Windows into Safe Mode or the Windows Recovery Environment. 2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory 3. Locate the file matching “C-00000291*.sys”, and delete it. 4. Restart the device. 5. Recovery of systems requires a Bitlocker key (https://learn.microsoft.com/windows/security/operating-system-security/data-protection/bitlocker/recovery-process) in some cases. For Windows Virtual Machines running on Azure follow the mitigation steps in Azure status (https://azure.status.microsoft/status). Additional details from CrowdStrike are available here: Statement on Windows Sensor Update - CrowdStrike Blog (https://www.crowdstrike.com/blog/statement-on-windows-sensor-update/). Affected platforms: - Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 22H2; Windows 10, version 21H2; Windows 10 Enterprise LTSC 2019 - Server: Windows Server 2022; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 ------------------------------------------------------ July 22, 2024 03:22 AM Microsoft has identified an issue impacting Windows endpoints which are running the CrowdStrike Falcon agent, developed by CrowdStrike Holdings. Following updates released and delivered by CrowdStrike on July 18, 2024, devices running the Falcon agent may encounter an error message on a blue screen and experience a continual restarting state. Affected systems might restart repeatedly and require recovery operations in order to restore normal use. Updated on July 21, 2024: As a follow-up to the CrowdStrike Falcon agent issue impacting Windows clients and servers, Microsoft has released an updated recovery tool with two repair options to help IT admins expedite the repair process. Based on customer feedback, this new release includes a new option for recovery using safe boot, the option to generate ISO or USB, a fix for ADK detection when the Windows Driver Kit is installed, and a fix for the USB disk size check. See the revised New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints (https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959) for detailed instructions on using the signed Microsoft Recovery Tool (https://go.microsoft.com/fwlink/?linkid=2280386). Updated on July 20, 2024: Microsoft has released KB5042426 (https://support.microsoft.com/topic/0d7741f7-aca1-4487-8a54-bd431cb49455), which contains step-by-step guidance for Windows Servers hosted on-premises that are running the CrowdStrike Falcon agent and encountering a 0x50 or 0x7E error message on a blue screen. We will continue to work with CrowdStrike to provide the most up-to-date information available on this issue. A new USB Recovery Tool is available to help IT admins expedite the repair process. The new tool can be found in the Microsoft Download Center (https://go.microsoft.com/fwlink/?linkid=2280386). Read more about the new recovery tool and usage instructions at New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints (https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959). Updated on July 19, 2024: A new Knowledge Base article, KB5042421 (https://support.microsoft.com/topic/b1c700e0-7317-4e95-aeee-5d67dd35b92f), with additional step-by-step guidance for Windows 11 and Windows 10 clients is now available. We will continue to work with CrowdStrike to provide up-to-date mitigation information as it becomes available. To mitigate this issue ahead of additional resolution options, you can follow these steps: 1. Start Windows into Safe Mode or the Windows Recovery Environment. 2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory 3. Locate the file matching “C-00000291*.sys”, and delete it. 4. Restart the device. 5. Recovery of systems requires a Bitlocker key (https://learn.microsoft.com/windows/security/operating-system-security/data-protection/bitlocker/recovery-process) in some cases. For Windows Virtual Machines running on Azure follow the mitigation steps in Azure status (https://azure.status.microsoft/status). Additional details from CrowdStrike are available here: Statement on Windows Sensor Update - CrowdStrike Blog (https://www.crowdstrike.com/blog/statement-on-windows-sensor-update/). Affected platforms: - Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 22H2; Windows 10, version 21H2; Windows 10 Enterprise LTSC 2019 - Server: Windows Server 2022; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 Click here (https://admin.microsoft.com/Adminportal/Home?#/windowsreleasehealth/:/wrhpreferences) to manage email notifications for Windows known issues ------------------------------------------------------ July 22, 2024 03:17 AM Microsoft has identified an issue impacting Windows endpoints which are running the CrowdStrike Falcon agent, developed by CrowdStrike Holdings. Following updates released and delivered by CrowdStrike on July 18, 2024, devices running the Falcon agent may encounter an error message on a blue screen and experience a continual restarting state. Affected systems might restart repeatedly and require recovery operations in order to restore normal use. Updated on July 21, 2024: As a follow-up to the CrowdStrike Falcon agent issue impacting Windows clients and servers, Microsoft has released an updated recovery tool with two repair options to help IT admins expedite the repair process. Based on customer feedback, this new release includes a new option for recovery using safe boot, the option to generate ISO or USB, a fix for ADK detection when the Windows Driver Kit is installed, and a fix for the USB disk size check. See the revised New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints (https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959) for detailed instructions on using the signed Microsoft Recovery Tool (https://go.microsoft.com/fwlink/?linkid=2280386). Updated on July 20, 2024: Microsoft has released KB5042426 (https://support.microsoft.com/topic/0d7741f7-aca1-4487-8a54-bd431cb49455), which contains step-by-step guidance for Windows Servers hosted on-premises that are running the CrowdStrike Falcon agent and encountering a 0x50 or 0x7E error message on a blue screen. We will continue to work with CrowdStrike to provide the most up-to-date information available on this issue. A new USB Recovery Tool is available to help IT admins expedite the repair process. The new tool can be found in the Microsoft Download Center (https://go.microsoft.com/fwlink/?linkid=2280386). Read more about the new recovery tool and usage instructions at New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints (https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959). Updated on July 19, 2024: A new Knowledge Base article, KB5042421 (https://support.microsoft.com/topic/b1c700e0-7317-4e95-aeee-5d67dd35b92f), with additional step-by-step guidance for Windows 11 and Windows 10 clients is now available. We will continue to work with CrowdStrike to provide up-to-date mitigation information as it becomes available. To mitigate this issue ahead of additional resolution options, you can follow these steps: 1. Start Windows into Safe Mode or the Windows Recovery Environment. 2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory 3. Locate the file matching “C-00000291*.sys”, and delete it. 4. Restart the device. 5. Recovery of systems requires a Bitlocker key (https://learn.microsoft.com/windows/security/operating-system-security/data-protection/bitlocker/recovery-process) in some cases. For Windows Virtual Machines running on Azure follow the mitigation steps in Azure status (https://azure.status.microsoft/status). Additional details from CrowdStrike are available here: Statement on Windows Sensor Update - CrowdStrike Blog (https://www.crowdstrike.com/blog/statement-on-windows-sensor-update/). Affected platforms: - Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 22H2; Windows 10, version 21H2; Windows 10 Enterprise LTSC 2019 - Server: Windows Server 2022; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 Click here (https://admin.microsoft.com/Adminportal/Home?#/windowsreleasehealth/:/wrhpreferences) to manage email notifications for Windows known issues ------------------------------------------------------ July 22, 2024 03:14 AM Microsoft has identified an issue impacting Windows endpoints which are running the CrowdStrike Falcon agent, developed by CrowdStrike Holdings. Following updates released and delivered by CrowdStrike on July 18, 2024, devices running the Falcon agent may encounter an error message on a blue screen and experience a continual restarting state. Affected systems might restart repeatedly and require recovery operations in order to restore normal use. Updated on July 21, 2024: As a follow-up to the CrowdStrike Falcon agent issue impacting Windows clients and servers, Microsoft has released an updated recovery tool with two repair options to help IT admins expedite the repair process. Based on customer feedback, this new release includes a new option for recovery using safe boot, the option to generate ISO or USB, a fix for ADK detection when the Windows Driver Kit is installed, and a fix for the USB disk size check. See the revised New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints (https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959) for detailed instructions on using the signed Microsoft Recovery Tool (https://go.microsoft.com/fwlink/?linkid=2280386). Updated on July 20, 2024: Microsoft has released KB5042426 (https://support.microsoft.com/topic/0d7741f7-aca1-4487-8a54-bd431cb49455), which contains step-by-step guidance for Windows Servers hosted on-premises that are running the CrowdStrike Falcon agent and encountering a 0x50 or 0x7E error message on a blue screen. We will continue to work with CrowdStrike to provide the most up-to-date information available on this issue. A new USB Recovery Tool is available to help IT admins expedite the repair process. The new tool can be found in the Microsoft Download Center (https://go.microsoft.com/fwlink/?linkid=2280386). Read more about the new recovery tool and usage instructions at New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints (https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959). Updated on July 19, 2024: A new Knowledge Base article, KB5042421 (https://support.microsoft.com/topic/b1c700e0-7317-4e95-aeee-5d67dd35b92f), with additional step-by-step guidance for Windows 11 and Windows 10 clients is now available. We will continue to work with CrowdStrike to provide up-to-date mitigation information as it becomes available. To mitigate this issue ahead of additional resolution options, you can follow these steps: 1. Start Windows into Safe Mode or the Windows Recovery Environment. 2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory 3. Locate the file matching “C-00000291*.sys”, and delete it. 4. Restart the device. 5. Recovery of systems requires a Bitlocker key (https://learn.microsoft.com/windows/security/operating-system-security/data-protection/bitlocker/recovery-process) in some cases. For Windows Virtual Machines running on Azure follow the mitigation steps in Azure status (https://azure.status.microsoft/status). Additional details from CrowdStrike are available here: Statement on Windows Sensor Update - CrowdStrike Blog (https://www.crowdstrike.com/blog/statement-on-windows-sensor-update/). Affected platforms: - Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 22H2; Windows 10, version 21H2; Windows 10 Enterprise LTSC 2019 - Server: Windows Server 2022; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 Click here (https://admin.microsoft.com/Adminportal/Home?#/windowsreleasehealth/:/wrhpreferences) to manage email notifications for Windows known issues ------------------------------------------------------ July 22, 2024 03:06 AM Microsoft has identified an issue impacting Windows endpoints which are running the CrowdStrike Falcon agent, developed by CrowdStrike Holdings. Following updates released and delivered by CrowdStrike on July 18, 2024, devices running the Falcon agent may encounter an error message on a blue screen and experience a continual restarting state. Affected systems might restart repeatedly and require recovery operations in order to restore normal use. Updated on July 21, 2024: As a follow-up to the CrowdStrike Falcon agent issue impacting Windows clients and servers, Microsoft has released an updated recovery tool with two repair options to help IT admins expedite the repair process. Based on customer feedback, this new release includes a new option for recovery using safe boot, the option to generate ISO or USB, a fix for ADK detection when the Windows Driver Kit is installed, and a fix for the USB disk size check. See the revised New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints (https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959) for detailed instructions on using the signed Microsoft Recovery Tool (https://go.microsoft.com/fwlink/?linkid=2280386). Updated on July 20, 2024: Microsoft has released KB5042426 (https://support.microsoft.com/topic/0d7741f7-aca1-4487-8a54-bd431cb49455), which contains step-by-step guidance for Windows Servers hosted on-premises that are running the CrowdStrike Falcon agent and encountering a 0x50 or 0x7E error message on a blue screen. We will continue to work with CrowdStrike to provide the most up-to-date information available on this issue. A new USB Recovery Tool is available to help IT admins expedite the repair process. The new tool can be found in the Microsoft Download Center (https://go.microsoft.com/fwlink/?linkid=2280386). Read more about the new recovery tool and usage instructions at New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints (https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959). Updated on July 19, 2024: A new Knowledge Base article, KB5042421 (https://support.microsoft.com/topic/b1c700e0-7317-4e95-aeee-5d67dd35b92f), with additional step-by-step guidance for Windows 11 and Windows 10 clients is now available. We will continue to work with CrowdStrike to provide up-to-date mitigation information as it becomes available. To mitigate this issue ahead of additional resolution options, you can follow these steps: 1. Start Windows into Safe Mode or the Windows Recovery Environment. 2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory 3. Locate the file matching “C-00000291*.sys”, and delete it. 4. Restart the device. 5. Recovery of systems requires a Bitlocker key (https://learn.microsoft.com/windows/security/operating-system-security/data-protection/bitlocker/recovery-process) in some cases. For Windows Virtual Machines running on Azure follow the mitigation steps in Azure status (https://azure.status.microsoft/status). Additional details from CrowdStrike are available here: Statement on Windows Sensor Update - CrowdStrike Blog (https://www.crowdstrike.com/blog/statement-on-windows-sensor-update/). Affected platforms: - Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 22H2; Windows 10, version 21H2; Windows 10 Enterprise LTSC 2019 - Server: Windows Server 2022; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 Click here (https://admin.microsoft.com/Adminportal/Home?#/windowsreleasehealth/:/wrhpreferences) to manage email notifications for Windows known issues ------------------------------------------------------ July 22, 2024 03:04 AM Microsoft has identified an issue impacting Windows endpoints which are running the CrowdStrike Falcon agent, developed by CrowdStrike Holdings. Following updates released and delivered by CrowdStrike on July 18, 2024, devices running the Falcon agent may encounter an error message on a blue screen and experience a continual restarting state. Affected systems might restart repeatedly and require recovery operations in order to restore normal use. Updated on July 21, 2024: As a follow-up to the CrowdStrike Falcon agent issue impacting Windows clients and servers, Microsoft has released an updated recovery tool with two repair options to help IT admins expedite the repair process. Based on customer feedback, this new release includes a new option for recovery using safe boot, the option to generate ISO or USB, a fix for ADK detection when the Windows Driver Kit is installed, and a fix for the USB disk size check. See the revised New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints (https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959) for detailed instructions on using the signed Microsoft Recovery Tool (https://go.microsoft.com/fwlink/?linkid=2280386). Updated on July 20, 2024: Microsoft has released KB5042426 (https://support.microsoft.com/topic/0d7741f7-aca1-4487-8a54-bd431cb49455), which contains step-by-step guidance for Windows Servers hosted on-premises that are running the CrowdStrike Falcon agent and encountering a 0x50 or 0x7E error message on a blue screen. We will continue to work with CrowdStrike to provide the most up-to-date information available on this issue. A new USB Recovery Tool is available to help IT admins expedite the repair process. The new tool can be found in the Microsoft Download Center (https://go.microsoft.com/fwlink/?linkid=2280386). Read more about the new recovery tool and usage instructions at New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints (https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959). Updated on July 19, 2024: A new Knowledge Base article, KB5042421 (https://support.microsoft.com/topic/b1c700e0-7317-4e95-aeee-5d67dd35b92f), with additional step-by-step guidance for Windows 11 and Windows 10 clients is now available. We will continue to work with CrowdStrike to provide up-to-date mitigation information as it becomes available. To mitigate this issue ahead of additional resolution options, you can follow these steps: 1. Start Windows into Safe Mode or the Windows Recovery Environment. 2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory 3. Locate the file matching “C-00000291*.sys”, and delete it. 4. Restart the device. 5. Recovery of systems requires a Bitlocker key (https://learn.microsoft.com/windows/security/operating-system-security/data-protection/bitlocker/recovery-process) in some cases. For Windows Virtual Machines running on Azure follow the mitigation steps in Azure status (https://azure.status.microsoft/status). Additional details from CrowdStrike are available here: Statement on Windows Sensor Update - CrowdStrike Blog (https://www.crowdstrike.com/blog/statement-on-windows-sensor-update/). Affected platforms: - Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 22H2; Windows 10, version 21H2; Windows 10 Enterprise LTSC 2019 - Server: Windows Server 2022; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 Click here (https://admin.microsoft.com/Adminportal/Home?#/windowsreleasehealth/:/wrhpreferences) to manage email notifications for Windows known issues ------------------------------------------------------ July 21, 2024 02:17 AM Microsoft has identified an issue impacting Windows endpoints which are running the CrowdStrike Falcon agent, developed by CrowdStrike Holdings. Following updates released and delivered by CrowdStrike on July 18, 2024, devices running the Falcon agent may encounter an error message on a blue screen and experience a continual restarting state. Affected systems might restart repeatedly and require recovery operations in order to restore normal use. Updated on July 20, 2024: Microsoft has released KB5042426 (https://support.microsoft.com/topic/0d7741f7-aca1-4487-8a54-bd431cb49455), which contains step-by-step guidance for Windows Servers hosted on-premises that are running the CrowdStrike Falcon agent and encountering a 0x50 or 0x7E error message on a blue screen. We will continue to work with CrowdStrike to provide the most up-to-date information available on this issue. A new USB Recovery Tool is available to help IT admins expedite the repair process. The new tool can be found in the Microsoft Download Center (https://go.microsoft.com/fwlink/?linkid=2280386). Read more about the new recovery tool and usage instructions at New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints (https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959). Updated on July 19, 2024: A new Knowledge Base article, KB5042421 (https://support.microsoft.com/topic/b1c700e0-7317-4e95-aeee-5d67dd35b92f), with additional step-by-step guidance for Windows 11 and Windows 10 clients is now available. We will continue to work with CrowdStrike to provide up-to-date mitigation information as it becomes available. To mitigate this issue ahead of additional resolution options, you can follow these steps: 1. Start Windows into Safe Mode or the Windows Recovery Environment. 2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory 3. Locate the file matching “C-00000291*.sys”, and delete it. 4. Restart the device. 5. Recovery of systems requires a Bitlocker key (https://learn.microsoft.com/windows/security/operating-system-security/data-protection/bitlocker/recovery-process) in some cases. For Windows Virtual Machines running on Azure follow the mitigation steps in Azure status (https://azure.status.microsoft/status). Additional details from CrowdStrike are available here: Statement on Windows Sensor Update - CrowdStrike Blog (https://www.crowdstrike.com/blog/statement-on-windows-sensor-update/). Affected platforms: - Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 22H2; Windows 10, version 21H2; Windows 10 Enterprise LTSC 2019 - Server: Windows Server 2022; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 Click here (https://admin.microsoft.com/Adminportal/Home?#/windowsreleasehealth/:/wrhpreferences) to manage email notifications for Windows known issues ------------------------------------------------------ July 20, 2024 06:29 AM Microsoft has identified an issue impacting Windows endpoints which are running the CrowdStrike Falcon agent, developed by CrowdStrike Holdings. Following updates released and delivered by CrowdStrike on July 18, 2024, devices running the Falcon agent may encounter an error message on a blue screen and experience a continual restarting state. Affected systems might restart repeatedly and require recovery operations in order to restore normal use. Workaround: A new Knowledge Base article, KB5042421 (https://support.microsoft.com/topic/b1c700e0-7317-4e95-aeee-5d67dd35b92f), with additional step-by-step guidance is now available. We will continue to work with CrowdStrike to provide up-to-date mitigation information as it becomes available. To mitigate this issue ahead of additional resolution options, you can follow these steps: 1. Start Windows into Safe Mode or the Windows Recovery Environment. 2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory 3. Locate the file matching “C-00000291*.sys”, and delete it. 4. Restart the device. 5. Recovery of systems requires a Bitlocker key (https://learn.microsoft.com/windows/security/operating-system-security/data-protection/bitlocker/recovery-process) in some cases. For Windows Virtual Machines running on Azure follow the mitigation steps in Azure status (https://azure.status.microsoft/status). Additional details from CrowdStrike are available here: Statement on Windows Sensor Update - CrowdStrike Blog (https://www.crowdstrike.com/blog/statement-on-windows-sensor-update/). Affected platforms: - Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 22H2; Windows 10, version 21H2; Windows 10 Enterprise LTSC 2019 - Server: Windows Server 2022; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 Click here (https://admin.microsoft.com/Adminportal/Home?#/windowsreleasehealth/:/wrhpreferences) to manage email notifications for Windows known issues ------------------------------------------------------ July 19, 2024 14:39 PM CrowdStrike issue impacting Windows endpoints causing an error message on a blue screen. Workaround: To mitigate this issue, follow these steps: 1. Start Windows into Safe Mode or the Windows Recovery Environment. 2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory 3. Locate the file matching “C-00000291*.sys”, and delete it. 4. Restart the device. 5. Recovery of systems requires a Bitlocker key (https://learn.microsoft.com/windows/security/operating-system-security/data-protection/bitlocker/recovery-process) in some cases. For Windows Virtual Machines running on Azure follow the mitigation steps in Azure status (https://azure.status.microsoft/status) Additional details from CrowdStrike are available here: Statement on Windows Sensor Update - CrowdStrike Blog (https://www.crowdstrike.com/blog/statement-on-windows-sensor-update/)