The following information is taken from the following Microsoft article: https://azure.status.microsoft/en-gb/status
We have been made aware of an issue impacting Virtual Machines running Windows Client and Windows Server, running the CrowdStrike Falcon agent, which may encounter a bug check (BSOD) and get stuck in a restarting state.
Updated: We approximate impact started as early as 04:09 UTC on the 18th of July, when this update started rolling out.
Additional details from CrowdStrike are available here: Statement on Windows Sensor Update - crowdstrike.com
Update as of 10:30 UTC on 19 July 2024:
We have received reports of successful recovery from some customers attempting multiple Virtual Machine restart operations on affected Virtual Machines. Customers can attempt to do so as follows:
We have received feedback from customers that several reboots (as many as 15 have been reported) may be required, but overall feedback is that reboots are an effective troubleshooting step at this stage.
Additional options for recovery:
We recommend customers that are able to, to restore from a backup, preferably from before 04:09 UTC on the 18th of July, when this faulty update started rolling out.
Once the disk is attached, customers can attempt to delete the following file:
Windows/System32/Drivers/CrowdStrike/C00000291*.sys
The disk can then be attached and re-attached to the original VM.
We can confirm the affected update has been pulled by CrowdStrike. Customers that are continuing to experience issues should reach out to CrowdStrike for additional assistance.
We have been made aware of an issue impacting Virtual Machines running Windows Client and Windows Server, running the CrowdStrike Falcon agent, which may encounter a bug check (BSOD) and get stuck in a restarting state.
Updated: We approximate impact started as early as 04:09 UTC on the 18th of July, when this update started rolling out.
Additional details from CrowdStrike are available here: Statement on Windows Sensor Update - crowdstrike.com
Update as of 10:30 UTC on 19 July 2024:
We have received reports of successful recovery from some customers attempting multiple Virtual Machine restart operations on affected Virtual Machines. Customers can attempt to do so as follows:
- Using the Azure Portal - attempting 'Restart' on affected VMs
- Using the Azure CLI or Azure Shell (https://shell.azure.com)
We have received feedback from customers that several reboots (as many as 15 have been reported) may be required, but overall feedback is that reboots are an effective troubleshooting step at this stage.
Additional options for recovery:
We recommend customers that are able to, to restore from a backup, preferably from before 04:09 UTC on the 18th of July, when this faulty update started rolling out.
- Customers leveraging Azure Backup can follow the following instructions:
- Alternatively, customers can attempt repairs on the OS disk by following these instructions:
Once the disk is attached, customers can attempt to delete the following file:
Windows/System32/Drivers/CrowdStrike/C00000291*.sys
The disk can then be attached and re-attached to the original VM.
We can confirm the affected update has been pulled by CrowdStrike. Customers that are continuing to experience issues should reach out to CrowdStrike for additional assistance.
