Blue Screen Friday: Why Windows systems glitched and what to do when your computer suffers a heart attack – Crypto News

The dreaded Blue Screen of Death (BSoD) crippled the services of airlines, brokerages, financial institutions, and even media houses worldwide, causing significant damage to businesses in terms of data loss, productivity loss, IT downtime, financial loss, and even reputation loss. 

Even as CrowdStrike, Microsoft, CERT-In, and cybersecurity companies put out advisories, it’s fortunately an issue that can be fixed.

A server hardware or software issue can cause a Blue Screen error, also known as black screen error or STOP code. This causes Windows to shut down or restart unexpectedly, displaying this message: “Windows has been shut down to prevent damage to your computer.”

The concept of BSoD dates back to the early days of the Microsoft Windows operating system (OS). The first version of Windows to feature a blue screen error message was Windows 1.0, released in 1985. However, it was during the era of Windows 3.0, released in 1990, that BSoD became more well-known.

BSoD signifies that the computer has encountered a critical issue, often due to corrupted code or incompatible drivers, and needs to shut down to prevent further damage. The blue colour of the screen, especially the navy blue seen before Windows 10, is where it gets its name. 

Many causes

There are several reasons a blue screen might occur. Common causes include corrupted random access memory (RAM), virus infections, driver incompatibility, other software errors, and sometimes even overheating. Hardware issues such as faulty memory modules or defective video cards can also trigger a blue screen, and so can driver updates for graphics cards or other hardware components.

One of the most infamous BSoD incidents occurred during a live demonstration by Microsoft cofounder Bill Gates at the 1998 COMDEX (Computer Dealers’ Exhibition). Gates was showcasing the new plug-and-play features of Windows 98 when the system suddenly crashed, displaying a BSoD. 

Another notable BSoD incident happened in 2007 during a presentation by Microsoft executive Steve Ballmer, when a Windows XP system crashed. These public failures highlighted the stability issues of the Windows operating system at the time. The Windows 10 Anniversary Update in 2016, too, caused many users to experience repeated BSoDs and system instability.

Ironically, CrowdStrike’s endpoint detection and response (EDR) product is aimed at protecting endpoints such as desktops and servers, which explains why the error is very unlike a cyberattack that one plans to safeguard against. In other words, it’s akin to your bodyguard attacking you by mistake. And, of course, in the context of Friday’s incident, we are referring to updates on servers and not individual user updates. 

“This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website,” CrowdStrike said on its website.

Omer Grossman, CIO at CyberArk, an identity security company, said it’s important to figure out how to get customers back online and regain continuity of business processes.

He explained that since “…the endpoints have crashed – the Blue Screen of Death – they cannot be updated remotely and this problem must be solved manually, endpoint by endpoint. This is expected to be a process that will take days.”

According to Kumar Ritesh, CEO and founder of cybersecurity firm CYFIRMA, such incidents underscore the importance of rigorous compatibility testing between security solutions and OS updates to prevent widespread disruptions.

“Before deploying any security update or software patch, create a testing environment that mirrors production systems. Test the update thoroughly in this environment to identify any compatibility issues or unexpected behaviour. Avoid deploying updates across all systems simultaneously. Instead, roll them out gradually to a subset of machines. Monitor these systems closely for any adverse effects. If everything looks good, proceed with a wider rollout,” he advises.

Ways to fix a blue screen of death 

To fix a BSoD, you need to restart your computer in the safe mode and uninstall any recently added drivers or applications (in today’s case, the CrowdStrike update file). You then need to run diagnostic tests on your hardware components to identify and replace any faulty parts. Additionally, scanning your system with antivirus software can help detect and remove potential infections that might be causing the problem.

According to Lenovo, blue screens come in various types, each indicating a different issue. For example, “STOP Error 0x7B” points to corrupt registry files, “STOP Error 0x50” occurs when there is insufficient RAM, “STOP Error 0x0000007F” is due to incompatible drivers, and “STOP Error 0xc000021a” happens when programmes fail to respond correctly during execution.

And if you encounter a white screen instead of a blue one, it usually means there was a problem loading the OS kernel into memory during boot-up. This issue often requires deeper diagnostic investigation to determine the cause and find the appropriate solution.

According Malwarebytes, to stop Windows from automatically restarting after a blue screen error, type “System Properties” in the Windows 10 search bar and press Enter. In the System Properties window, go to the Advanced tab and locate Startup and Recovery. Click on Settings, then uncheck the Automatically restart option under System Failure. In this section, you can also adjust how Windows logs system failure events.

Technical teams have been working to address the issue by following CrowdStrike’s mitigation guidelines, and businesses have started reporting that their systems are up and running again. CrowdStrike acknowledged the issue in a recent support page where it stated that the recent crashes on Windows are related to problems with the Falcon sensor.

The CrowdStrike Falcon sensor blocks attacks on your systems while capturing and recording activity as it happens to detect threats fast, according to the company’s website.

“CrowdStrike is aware of reports of crashes on Windows hosts related to the Falcon Sensor. Symptoms include hosts experiencing a bugcheckblue screen error related to the Falcon Sensor. Our Engineering teams are actively working to resolve this issue and there is no need to open a support ticket,” the company said.

Options to consider

There are other operating systems that may be less vulnerable to such disruptive glitches. The Linux OS is less prone to such critical errors. Many distributions, such as Ubuntu, Fedora, and Debian, offer user-friendly interfaces and robust performance. Switching to a Mac operating system is another alternative. MacOS, designed specifically for Apple’s hardware, provides a stable and seamless user experience with less frequent system crashes.

Those who need compatibility with a specific software may use a virtual machine that will allow them to run Linux alongside Windows. This approach provides the best of both worlds, offering the stability of Linux while still accessing necessary Windows applications.

That said, while a Friday-like BSoD attack is unpredictable, it’s important to keep your system updated with the latest Windows and software patches to ensure you have the newest security fixes and bug repairs. Update all hardware drivers regularly since outdated or incompatible drivers can cause system errors. Use reliable antivirus software to scan for and remove malware or viruses that might destabilise your system. Also, maintain sufficient disk space, as low disk space can cause system instability. 

Most importantly, regularly back up important data to avoid data loss in case of a system failure. By following these practices, you can reduce the likelihood of encountering a BSoD and maintain a stable computing environment.

CrowdStrike, incidentally, uses a generative artificial intelligence (AI) model called Charlotte AI that, according to its website, is “continuously trained on trillions of daily events and world-class threat intelligence, tuned with expert-driven context and anonymised usage. Models are transparently changed and updated, optimising the speed and accuracy of all outcomes.”

One wonders if Charlotte AI could prevent future glitches. For now, at least, it does not seemed to have done so.