Global Outage Alert: Windows BSOD Crisis Following CrowdStrike Update – Recovery Steps

Table of Contents

Official CrowdStrike post | https://www.crowdstrike.com/blog/technical-details-on-todays-outage/
Source | https://blog.qualys.com/

  • Steps For Regaining Access to Windows PCs, AWS & Azure
  • Qualys Assurance No Impact on Our Services

On the morning of Friday, July 19, 2024, reports surfaced globally of Microsoft Windows users encountering the infamous Blue Screen of Death (BSOD) following the latest update from CrowdStrike. This widespread issue has severely impacted critical services, including telecommunications, banking, airline and railway operations, supermarkets, hospitals, and major news networks.

Steps For Regaining Access to Windows PCs, AWS & Azure 

CrowdStrike has outlined a four-step process for regaining access to Windows PCs affected by the update:

  1. Boot Windows into Safe Mode or the Windows Recovery Environment.
  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
  3. Locate and delete the file matching “C-00000291*.sys”.
  4. Boot the host normally.

For cloud environments, customers can revert to a snapshot taken before 4:09 am UTC.

For AWS (Amazon Web Services), follow these steps:

  1. Detach the EBS volume from the impacted EC2 instance.
  2. Attach the EBS volume to a new EC2 instance.
  3. Fix the CrowdStrike driver folder.
  4. Detach the EBS volume from the new EC2 instance.
  5. Attach the EBS volume back to the impacted EC2 instance.
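
Step 3 of the four-step process, and the "fix the CrowdStrike driver folder" step for a volume attached to a second EC2 instance, can be scripted as below. This is an added example, not code from CrowdStrike or the original article; the function name Remove-ChannelFile291 and the drive letter D: are assumptions, and it expects an environment where PowerShell is available (Safe Mode or the rescue instance).

```powershell
# Added example: remove only the channel file named in the recovery steps.
# Remove-ChannelFile291 is a hypothetical helper name, not a vendor tool.
function Remove-ChannelFile291 {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Root of the Windows volume to repair: 'C:' when run in Safe Mode,
        # or the letter the detached volume received on the rescue instance.
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z]:$')]
        [string] $VolumeRoot
    )

    $dir = "$VolumeRoot\Windows\System32\drivers\CrowdStrike"
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        Write-Warning "No CrowdStrike driver folder at $dir; nothing to do."
        return
    }

    # Match only C-00000291*.sys; every other file in the folder is left alone.
    $files = @(Get-ChildItem -LiteralPath $dir -Filter 'C-00000291*.sys' -File -Force)
    if ($files.Count -eq 0) {
        Write-Warning "No file matching C-00000291*.sys in $dir."
        return
    }

    foreach ($f in $files) {
        if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete channel file')) {
            Remove-Item -LiteralPath $f.FullName -Force
            # Emit a record of what was removed for the incident log.
            [pscustomobject]@{
                Removed      = $f.FullName
                LastWriteUtc = $f.LastWriteTimeUtc
            }
        }
    }
}

# Preview against the attached volume (assumed to be D:), then rerun without -WhatIf.
Remove-ChannelFile291 -VolumeRoot 'D:' -WhatIf
```

If BitLocker protects the volume, it has to be unlocked with the recovery key before the folder is readable.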

For Azure, follow these steps:

  1. Log in to the Azure console. 
  2. Go to Virtual Machines and select the affected VM. 
  3. In the upper left of the console, click “Connect”. 
  4. Click “More ways to Connect” and then select “Serial Console”. 
  5. Once SAC has loaded, type in ‘cmd’ and press Enter. 
  6. Type ‘ch -si 1’ and press the space bar. 
  7. Enter Administrator credentials. 
  8. Type the following commands:
    • ‘bcdedit /set {current} safeboot minimal’ 
    • ‘bcdedit /set {current} safeboot network’ 
  9. Restart the VM. 
  10. To confirm the boot state, run the command: ‘wmic COMPUTERSYSTEM GET BootupState’. 

The manual nature of this fix poses a significant challenge for companies, especially those without backups for all VDIs, potentially slowing down the recovery process. Customers will also need a recovery key to access Safe Mode if BitLocker is enabled on the system disk.

CrowdStrike Engineering has reversed the changes causing this issue, with the error code displayed on affected systems: “Tech-Alert-Windows-crashes-related-to-Falcon-Sensor-2024-07-19”.

Source | https://blog.qualys.com/vulnerabilities-threat-research/2024/07/19/global-outage-alert-windows-bsod-crisis-following-crowdstrike-update-recovery-steps-qualys-assurance

KB5034439: Windows Recovery Environment update for Windows Server 2022: January 9, 2024 | Error message:  0x80070643

Source | Microsoft https://support.microsoft.com/en-us/topic/kb5034439-windows-recovery-environment-update-for-windows-server-2022-january-9-2024-6f9d26e6-784c-4503-a3c6-0beedda443ca

Recommended methods available at

To avoid this error or recover from this failure, please follow the Instructions to manually resize your partition to install the WinRE update and then try installing this update.

Or, to use a sample script to increase the size of the WinRE recovery partition, see Extend the Windows RE Partition.

Windows Server 2022

Summary

This update automatically applies Safe OS Dynamic Update (KB5034235) to the Windows Recovery Environment (WinRE) on a running PC to address a security vulnerability that could allow attackers to bypass BitLocker encryption by using WinRE. For more information, see CVE-2024-20666.

NOTE If your running PC does not have a WinRE recovery partition, you do not need this update. To verify if you have WinRE enabled, you can run the following command in an elevated command prompt: reagentc /info

If WinRE is enabled you will see Windows RE status in the output with a value of Enabled.

IMPORTANT This update requires 250 MB of free space in the recovery partition to install successfully. If the recovery partition does not have sufficient free space, this update will fail. In this case, you will receive the following error message:

0x80070643 – ERROR_INSTALL_FAILURE

To avoid this error or recover from this failure, please follow the Instructions to manually resize your partition to install the WinRE update and then try installing this update. Or, to use a sample script to increase the size of the WinRE recovery partition, see Extend the Windows RE Partition.

How to get full PC memory specs (speed, size, type, part number, form factor) on Windows 10/11

Check all memory details

The above commands help you to determine the most useful information about the RAM installed on your computer. However, there is another command you can use to query all the available details at the same time.

To view all the memory details on Windows 10/11, use these steps:

  1. Open Start.
  2. Type Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to list every memory detail possible and press Enter:
    wmic memorychip list full

  4. Confirm the available information for each memory module installed on the device.
  5. (Optional) Type the following command to view only the specific details and press Enter:
    wmic memorychip get devicelocator, manufacturer, partnumber, serialnumber, capacity, speed, memorytype, formfactor

Supported types

Memory types the command can identify:

  • 0: Unknown.
  • 1: Other.
  • 2: DRAM.
  • 3: Synchronous DRAM.
  • 4: Cache DRAM.
  • 5: EDO.
  • 6: EDRAM.
  • 7: VRAM.
  • 8: SRAM.
  • 9: RAM.
  • 10: ROM.
  • 11: Flash.
  • 12: EEPROM.
  • 13: FEPROM.
  • 14: EPROM.
  • 15: CDRAM.
  • 16: 3DRAM.
  • 17: SDRAM.
  • 18: SGRAM.
  • 19: RDRAM.
  • 20: DDR.
  • 21: DDR2.
  • 22: DDR2 FB-DIMM.
  • 24: DDR3.
  • 25: FBD2.
  • 26: DDR4.

Supported form factors

Form factors the command can identify:

  • 0: Unknown.
  • 1: Other.
  • 2: SIP.
  • 3: DIP.
  • 4: ZIP.
  • 5: SOJ.
  • 6: Proprietary.
  • 7: SIMM.
  • 8: DIMM.
  • 9: TSOP.
  • 10: PGA.
  • 11: RIMM.
  • 12: SODIMM.
  • 13: SRIMM.
  • 14: SMD.
  • 15: SSMP.
  • 16: QFP.
  • 17: TQFP.
  • 18: SOIC.
  • 19: LCC.
  • 20: PLCC.
  • 21: BGA.
  • 22: FPBGA.
  • 23: LGA.
  • 24: FB-DIMM.

HDMI vs DisplayPort | Specifications (Resolution, Refresh Rate, and Bandwidth)

Interface     Version   Bandwidth   Resolution   Refresh rate
HDMI          1.0-1.2   4.95 Gbps   1080p        60 Hz
              1.3-1.4   10.2 Gbps   1080p        144 Hz
                                    4K           30 Hz
              2         18.0 Gbps   1080p        240 Hz
                                    4K           60 Hz
              2.1       48 Gbps     4K           144 Hz
                                    8K           30 Hz
DisplayPort   1.0-1.1   10.8 Gbps   1080p        144 Hz
                                    4K           30 Hz
              1.2       21.6 Gbps   1080p        240 Hz
                                    4K           75 Hz
              1.3       32.4 Gbps   1080p        360 Hz
                                    4K           120 Hz
                                    5K           60 Hz
                                    8K           30 Hz
              1.4       32.4 Gbps   8K           60 Hz HDR
              2         80.0 Gbps   16K          60 Hz HDR
                                    10K          HDR off at 80 Hz
as of 2021

CPU Coolers Performance | i5-13400 / i5-13600k / i9-13900k

i5-13400
i5-13600k
i9-13900k

Source | LTT https://youtu.be/1YFR20MmvpM

How to Enable Drag and Drop in Windows 11 Using Registry

Enable Drag and Drop using Windows Registry Editor

SPECIAL NOTE: After adding this registry entry, the Start menu sometimes will not work with the latest builds of Windows 11; mine was 21H2 (OS Build 2200.739). If that happens to you, just delete the added registry entry and reboot.

You can enable and adjust the drag and drop sensitivity settings in Windows by creating a system restore point in the Windows Registry Editor. For example, to enable drag and drop in Windows 11 using the Windows Registry Editor, follow the given steps.

  1. Press Windows + R on your keyboard
  2. This will open the Run command box. 
  3. In the command box, type in the following command “regedit” and press OK.
  4. The Windows Registry Editor is now visible on your screen
  5. Now, navigate to the path below:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell\Update\Packages
  6. Now, right-click on the blank white space in the right-hand pane.
  7. Here, choose New > DWORD (32-bit) Value.
  8. This will create a new value in the Registry Editor.
  9. Right-click on this newly created value.
  10. Choose Rename.
  11. Rename this value as follows: UndockingDisabled
  12. Right-click on UndockingDisabled.
  13. Select Modify.
  14. Now, change the value from 0 to 1.
  15. Click OK to save the settings.

Now restart your computer. After the restart, the taskbar will look the same as in Windows 10 and the drag-and-drop functionality will be restored on your computer.

Copy members from one Active directory group to another

How do you copy members from a security group to a distribution group, or the other way around? This is how to copy members from one AD group to another with PowerShell.

In our example, we want to copy the users from the AD group Group-A to another AD group, Group-B.

Copying members from one AD group to another works for all group scopes and group types:

  • Group scope: Domain local / Global / Universal
  • Group type: Security / Distribution

Copy members from one AD group to another with PowerShell

PS C:\> Get-ADGroupMember -Identity "Group-A" | ForEach-Object {Add-ADGroupMember -Identity "Group-B" -Members $_.distinguishedName}
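
Because copying members into a security group grants those accounts whatever the target group can access, it helps to preview the change and skip accounts that are already members. The following is an added example, not part of the original post; Copy-ADGroupMembers is a hypothetical helper name, and it assumes the ActiveDirectory module is installed.

```powershell
#Requires -Modules ActiveDirectory
# Added example: copy only the missing direct members, with -WhatIf support.
# Copy-ADGroupMembers is a hypothetical name; Group-A/Group-B are the post's placeholders.
function Copy-ADGroupMembers {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string] $SourceGroup,
        [Parameter(Mandatory)] [string] $TargetGroup
    )

    # Direct members only: a nested group is copied as a group, not expanded.
    $source   = @(Get-ADGroupMember -Identity $SourceGroup)
    $existing = @(Get-ADGroupMember -Identity $TargetGroup |
                  Select-Object -ExpandProperty distinguishedName)

    foreach ($member in $source) {
        if ($existing -contains $member.distinguishedName) {
            Write-Verbose "Already a member: $($member.distinguishedName)"
            continue
        }
        if ($PSCmdlet.ShouldProcess($member.distinguishedName, "Add to $TargetGroup")) {
            Add-ADGroupMember -Identity $TargetGroup -Members $member.distinguishedName
            # One output object per change, suitable for Export-Csv as a change record.
            [pscustomobject]@{
                Added  = $member.distinguishedName
                Class  = $member.objectClass
                Target = $TargetGroup
            }
        }
    }
}

# Preview which accounts would gain membership, then rerun without -WhatIf.
Copy-ADGroupMembers -SourceGroup 'Group-A' -TargetGroup 'Group-B' -WhatIf
```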

All Users Desktop Folder in Windows Server 2016/2019

You may want to copy shortcuts or files to every user's desktop on Server 2016/2019, especially if you are configuring a Remote Desktop Session Host server and want to place company application shortcuts on all users' desktops. Unlike in previous versions, c:\users\all users\desktop is not available on these server editions.

In Server 2019 and 2016 it is available at:

C:\Users\Public\Desktop


If you cannot see the Desktop folder, tick "Hidden items" in the Windows Explorer ribbon.

Also, to find out the directory for your system, run the following command in a PowerShell prompt:

[Environment]::GetFolderPath('CommonDesktopDirectory')

Arcserve RHA ER00105 Unable to send file (file to send unable to be open)

ER00105 976683 Error 192.168.120.13 2/10/2022 12:24:30 PM Unable to send file D:/Program Files/CA/ARCserve RHA/Engine/tmp/spool/1222255101_2/bl_sync_1196825767.rqv to 192.168.128.20 (file to send unable to be open)

The official Arcserve link for this error ID is https://support.arcserve.com/s/article/202043989?language=en_US but in my case this did not work for me. This is how it was fixed for me:

1 Stop Scenario

2 Change spool directory path on reported server

3 Start scenario

Get Windows 10 Context Menu in Windows 11

Open Command Prompt and run the command below, then reboot the computer or go to Task Manager and restart the “Windows Explorer” process.

To Get Old Context Menu:

reg.exe add "HKCU\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32" /f /ve

If you need to get back the New Context Menu:

reg.exe delete "HKCU\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}" /f
