On the night of July 18th, 2024, starting at 9:30 PM PDT, some users of Windows instances, Windows Personal WorkSpaces, and AppStream 2.0 Applications experienced connectivity issues and unexpected reboots. The cause was traced back to a recent update of the CrowdStrike Falcon agent (csagent.sys), which triggered a stop error (BSOD) within the Windows operating system. Notably, Windows instances and WorkSpaces that did not use CrowdStrike were unaffected, and AWS services and network connectivity remained fully operational.

AWS has promptly mitigated the issue for all AppStream 2.0 Applications and has taken steps to address the problem for as many Windows instances and WorkSpaces as possible. However, some Windows instances and WorkSpaces still affected by this issue require customer action to restore connectivity.

In many cases, one or more reboots of the affected Windows instances or WorkSpaces can update the CrowdStrike Falcon agent to a previously stable version, resolving the issue. Nevertheless, this approach does not succeed in all instances. For those cases, an alternative recovery strategy is necessary.

AWS has released a detailed guide to assist customers in recovering AWS resources impaired by the CrowdStrike Falcon Agent. Customers needing further assistance are encouraged to contact AWS Support via the AWS Support Center.

Despite the disruption, AWS services and overall network connectivity were not impacted by this event and continue to function normally.