Service Status
Real-Time Service Status Updates
Access real-time service status updates and notifications about planned maintenance tailored to your organisation’s needs through the Aspire Customer Portal. Stay informed with our service monitoring.
A recent security update from CrowdStrike is causing some Windows devices to experience a blue screen error. CrowdStrike has revoked the update, however, affected machines may need manual intervention. Our team is working diligently to assist customers. The steps below can be used to workaround this issue.
22.07.24 – Customer Information
Phishing Attacks on the Rise:
We recommend that organisations issue guidance to their employees to be vigilant regarding emails claiming to be from CrowdStrike or Microsoft – the NCSC has seen a significant increase in phishing emails relating to this, and there has been an increase in lookalike domain registrations.
CrowdStrike Intelligence has monitored for malicious activity leveraging the event as a lure theme and received reports that threat actors are conducting the following activity:
- Sending phishing emails posing as CrowdStrike support to customers
- Impersonating CrowdStrike staff in phone calls
- Posing as independent researchers, claiming to have evidence the technical issue is linked to a cyberattack and offering remediation insights
- Selling scripts purporting to automate recovery from the content update issue
The Bitlocker Challenge:
One of the difficulties for some organisations is if their users require a bitlocker recovery key. Devices with a TPM (Trusted Platform Module) storing the decryption key and no user-entered pin/password should be able to recover without the recovery key.
There are also *unverified* reports of users simply rebooting over and over to solve the issue if they cannot recover their bitlocker key.
Useful Links:
Microsoft Information Page – New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints
CrowdStrike Information Page – Remediation & Guidance Hub – Falcon Content Update for Windows Hosts
19.07.24 – Service Status Update:
Current Action
- CrowdStrike Engineering has identified a content deployment related to this issue and reverted those changes.
- If hosts are still crashing and unable to stay online to receive the Channel File Changes, the following steps can be used to workaround this issue:
Please note: You may need to recover your BitLocker key. Full workaround steps are outlined below, along with a link to a PDF Guide at the bottom of this page.
Workaround Steps:
Boot Windows into Safe Mode (General)
- Turn off your PC
- Press the F8 key multiple times, until you see the Windows Logo/
OR;
Boot Windows into Safe Mode (Dell Laptops)
- Reboot your Laptop
- Press the F12 key multiple times until you see the Dell bios options
- Select SupportAssist OS Recovery
- In the top right-hand corner press the ellipsis (…) and select Windows Recovery
Launch Command Prompt from Windows Recovery
- On the Choose an option screen, select Troubleshoot > Advanced options > Startup Settings > Restart.
- Click Command Prompt and in the window that appears, enter the following command:
del C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys - Reboot your machine.
Please note, you may need to use your bitlocker recovery key, please follow the steps below:
- On a mobile device, or separate computer, navigate to https://myaccount.microsoft.com/
- Login using your every day email account.
- Click on Manage Devices.
- Select your computer name.
- Select View BitLocker Recovery Keys.
- Select Show Recovery Key. Your 48-digit recovery key will appear.
- Enter the recovery key into the BitLocker recovery screen on the locked computer, followed by Enter.
*You can confirm you have found the matching Device, by verifying the “Device Object ID” matches the Recovery key ID presented on the BitLocker screen.
Please note: We are actively assisting customers and our general response times may be impacted. Our team is working diligently to resolve the issue as quickly as possible. We apologise for any inconvenience this may cause and appreciate your patience. More information will be shared as it becomes available.