Cybersecurity company CrowdStrike’s faulty update last Friday affected 8.5 million devices running Windows worldwide, resulting in users getting the Blue Screen of Death (BSOD) error messages on their PCs and laptops.

CrowdStrike posts detailed guidance to fix the Windows BSOD outage issue

The issue was related to an update to CrowdStrike’s Falcon Sensor, a software designed to prevent computer systems from cyber-attacks, which triggered a logic error with a sensor configuration update for Windows systems, causing them to crash and display the BSOD error message on affected devices.

While the company rolled back the problematic update and deployed a fix, “it could be some time for some systems that just automatically won’t recover” before the issue is resolved. It also issued workarounds for affected Windows users.

Following this, CrowdStrike has published a new “Remediation and Guidance Hub” support page for IT and system admins. This page details the technical information on what caused the outage and which systems were affected. It also includes links to BitLocker key recovery processes and several third-party vendor pages about handling the outage.

The support page also includes a statement from George Kurtz, the company’s Founder and CEO, acknowledging the massive worldwide outage and apologizing for the issue.

“All of CrowdStrike understands the gravity and impact of the situation. We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority. We are working closely with impacted customers and partners to ensure that all systems are restored so you can deliver the services your customers rely on,” reads the statement.

In a separate blog post, CrowdStrike has warned about threat actors starting to exploit the issue and distribute a malicious ZIP archive named crowdstrike-hotfix.zip to Latin America-based users.

“The ZIP archive contains a HijackLoader payload that, when executed, loads RemCos. Notably, Spanish filenames and instructions within the ZIP archive indicate this campaign is likely targeting Latin America-based (LATAM) CrowdStrike customers,” reads the blog post.

“I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives. Our blog and technical support will continue to be the official channels for the latest updates,” Kurtz said.

Meanwhile, Microsoft has also released a recovery tool designed to help IT admins repair affected Windows devices running the CrowdStrike Falcon agent. This tool automatically deletes the channel file that caused machines to BSOD and makes them run normally. You can check out Microsoft’s guide and Recovery Tool to deal with the CrowdStrike issue.