It may be that this Friday your computer won’t start, leaving you staring at a blue screen. If that happens, you’re likely among the thousands hit by a global outage caused by a faulty update from CrowdStrike, a cybersecurity provider. The glitch disrupted Windows devices, the Windows operating system from Microsoft and the world’s most widely used platform, but it did not affect Macs from Apple or Linux machines.
The industry’s experts note there are two paths to resolve this compatibility error. One option is to wait for CrowdStrike to roll back the faulty update and release a corrected version. That approach can drag on for an indeterminate period. CrowdStrike has confirmed it is actively working to restore affected customer systems, and some environments have already returned to normal operation. The National Institute of Cybersecurity (INCIBE) in Spain advises against installing the affected agent until a verified solution is ready. This guidance reflects a precautionary approach that prioritizes reliability over speed in critical environments [INCIBE guidance].
The second option is for affected users to address the incident manually. For systems already failing, some can be brought back online by replacing the problematic component with a version that works correctly, while others may fall into a looping failure that requires hands-on intervention, according to INCIBE’s assessment [INCIBE advisory].
In response to the issue, CrowdStrike has issued guidance to its customers detailing steps to resolve the problem. INCIBE has also compiled a straightforward four-step mitigation plan to reduce the incident’s impact, which is summarized below:
1. Boot Windows in Safe Mode or in Windows Recovery Environment.
2. Open the C:WindowsSystem32driversCrowdStrike directory.
3. Locate the file C-00000291*.sys and remove it.
4. Restart the device in normal operation.
Experts emphasize that this is a delicate situation where timing and careful execution matter. While some systems can recover quickly, others require precise removal of the conflicting components to return to normal functionality. The guidance from CrowdStrike and INCIBE aims to empower administrators to act decisively while minimizing risk during remediation [INCIBE advisory].
In addition to the technical steps, the cybersecurity authority overseeing Spain’s government digital transformation emphasizes that those needing help should seek official guidance through formal channels. This emphasis on consultative support helps organizations avoid missteps during a high-pressure incident and ensures that mitigation aligns with established security practices [INCIBE advisory].