Fixes for CrowdStrike Falcon Update Causing BSOD Issues

Ashwani Paliwal
July 21, 2024

In various scenarios, applying the fix for the CrowdStrike issue is becoming challenging. I am sharing a compilation of workarounds that users have reported as working:

⏺ (Easiest) Fixing a Single Computer:

a. With WinPE:

1. Boot into WinPE: Use a bootable USB with WinPE.
2. Delete Problematic File: In `startnet.cmd`, add:

```
del C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys
exit
```
3. Reboot: The system should boot normally.

b. Without WinPE:

1. Boot into Recovery Mode: Restart the computer and enter recovery mode (usually by pressing F8).
2. Open Command Prompt: Navigate to Troubleshoot > Advanced Options > Command Prompt.
3. Delete Problematic File: In Command Prompt, enter:

```
del C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys
exit
```
4. Reboot: Restart the computer. The system should boot normally.

⏺ Fixing Multiple Computers in an Organization:

The method below works only when the following conditions are met:

a. Target machines must support PXE boot and be configured for it.
b. Ability to configure BIOS/UEFI settings for network boot or insert USB drives.

1. Prepare WinPE Image:

- Download and install ADK with WinPE add-on.
- Mount WinPE image and edit `startnet.cmd` to delete the problematic file.
- Unmount and save the image.

2. Deploy via PXE:

- Set up a PXE server with iPXE and wimboot.
- Configure DHCP and TFTP servers.
- Boot target machines from the network.

3. Deploy via USB:

- Create bootable USB drives with the customized WinPE image.
- Boot each affected machine from USB.
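
One way to write the `startnet.cmd` edit from step 1 so it can run unattended on many machines, as an added example that is not from the original post. It assumes the Windows volume is readable (not BitLocker-locked), and it goes slightly beyond the commands above by searching drive letters instead of assuming `C:`, because WinPE may assign the Windows volume a different letter; the variable names and messages are illustrative.

```bat
@echo off
rem Added example startnet.cmd, not from the original post.
rem Assumes the Windows volume is readable, i.e. not BitLocker-locked.
wpeinit

set "TARGET=Windows\System32\drivers\CrowdStrike\C-00000291*.sys"
set FOUND=0
set FAILED=0

rem X: is skipped because it is the WinPE RAM disk itself.
for %%D in (C D E F G H I J K L M N O P Q R S T U V W Y Z) do (
    if exist "%%D:\%TARGET%" (
        echo Found channel file on %%D:
        dir /b "%%D:\%TARGET%"
        del /f /q "%%D:\%TARGET%"
        set FOUND=1
        rem Check that the file is really gone before trusting the delete.
        if exist "%%D:\%TARGET%" set FAILED=1
    )
)

if "%FOUND%"=="0" goto :notfound
if "%FAILED%"=="1" goto :failed
echo Channel file removed. Rebooting.
wpeutil reboot
goto :eof

:notfound
echo No C-00000291*.sys found on any mounted volume.
echo The disk may be BitLocker-locked or its storage driver may be missing.
goto :eof

:failed
echo A matching file is still present after del. Not rebooting.
goto :eof
```

In the two failure cases the script ends without rebooting, so a technician can investigate the machine instead of it looping back into the same boot failure.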

⏺ Fixing Multiple Computers with BitLocker Enabled:

This particular fix is still being tested and is yet to be proven successful. It's theoretical for now.

The method below works only when the following conditions are met:

a. Access to BitLocker recovery keys if drives are encrypted.

1. Prepare WinPE Image with BitLocker Support:

- Include BitLocker tools (`manage-bde`).
- Edit `startnet.cmd` to unlock BitLocker, delete the file, and reboot:

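```
rem X: stands for the letter WinPE assigns to the encrypted Windows volume.
rem It is a placeholder: in WinPE, X: itself is normally the WinPE RAM disk.
manage-bde -unlock X: -RecoveryPassword YOUR_BITLOCKER_RECOVERY_KEY
manage-bde -protectors -disable X:
del X:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys
wpeutil reboot
```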

2. Deploy via PXE or USB:

- Follow the same PXE or USB deployment steps as above, ensuring the script includes the BitLocker unlock commands.
