
What is the blue screen of death (BSOD)?

The blue screen of death (BSOD) -- also known as a stop error screen, blue screen error, fatal error or bugcheck -- is a critical error screen that can be displayed by Microsoft Windows operating systems (OSes).

If and when a BSOD appears, it is an indication that Microsoft Windows has encountered a very severe issue from which it cannot recover on its own. A BSOD functionally renders an affected system nonoperational until the issue is resolved with some form of intervention by the user.

The term blue screen of death is a reference to the color of a user's system screen when the BSOD is triggered. A user's screen will turn blue with white text, providing a message that the system has encountered a problem. Once the BSOD appears, the system is largely inoperable or dead from a functional perspective.

A BSOD incident typically comes with no warning and all unsaved work is immediately lost. That could be the least of a user's problems, as the system is not usable until the issue that triggered the BSOD is resolved.

BSODs have been a part of the Windows OS since the release of Windows NT 3.1 in 1993. The BSOD was originally designed as a kernel error handler for situations where the OS couldn't recover from a critical error. A BSOD is intended to act as a protective measure, forcing the system to shut down to prevent catastrophic hardware failure.

A BSOD is a full system failure at the Windows kernel level due to an issue with Windows drivers and/or hardware. It is not an application crash. If the browser crashes, Windows continues to run. It's very rare for an app to cause a blue screen because apps commonly run at a higher level in the OS.

While a BSOD has always had white text on a blue screen, the information and design of the BSOD has changed. Over the years, Microsoft has modified the BSOD's appearance and the information it displays in an attempt to make it somewhat user-friendly and informative.

What causes BSOD?

A BSOD incident can be triggered by several hardware and software issues.

Hardware failures

Among the types of hardware issues that can be at fault are the following:

  • Faulty memory, including system random access memory (RAM).
  • Overheating components.
  • Processor (CPU) malfunctions.
  • Graphics processing unit (GPU) malfunctions and motherboard BIOS bugs.
  • Power supply issues.
  • Hardware running beyond its specification limits.

Software conflicts

Various types of software issues can also lead to a BSOD, including the following:

  • Poorly written or incompatible device drivers.
  • Bugs in the OS kernel.
  • Corrupted system files.
  • Conflicts between system processes.
  • Malware infections.
  • Recent software updates. As seen in the 2024 CrowdStrike incident, third-party software updates can also cause widespread BSOD issues by introducing kernel-level conflicts.

Common BSOD stop codes

During a BSOD, stop codes appear at the bottom of the screen. There are 270 stop codes, but most are exceptionally rare. The following are the most common:

  • KMODE_EXCEPTION_NOT_HANDLED is an error in the kernel process associated with incompatibility or equipment malfunction.
  • NTFS_FILE_SYSTEM is a drive error caused during read or write, usually due to data integrity on disk or in memory.
  • DATA_BUS_ERROR is the result of errors in RAM. The cause might be incompatible or defective memory sticks.
  • IRQL_NOT_LESS_OR_EQUAL is an error that might be due to a malfunction of the drivers, system services or incompatible software.
  • PAGE_FAULT_IN_NONPAGED_AREA is an error related to the swap file during operation of file systems or failure of a service or software.

Troubleshooting and resolving BSOD

By taking the following troubleshooting steps, it's often possible to quickly resolve a BSOD incident:

  1. Document the error code. When a BSOD appears, users should write down the error code.
  2. Reboot the system. Windows will attempt to determine the problem and fix it. In some instances, that will be enough to address the problem.
  3. Review recent system changes. If the problem persists, users should think back to what they did before the BSOD occurred. Was a new program installed, driver updated, or new app installed or upgraded? If so, that might have caused the BSOD.
  4. Run System File Checker. Corrupt system files are a common root cause of a BSOD.
  5. Safe mode. Boot into safe mode to uninstall recent updates or drivers that might have caused the issue.
  6. Test hardware. Test system RAM, monitor system temperatures and verify power supply integrity.
  7. Consider a System Restore. If the error persists after a user installs a new program/hardware, updates a driver or installs a Windows update, consider a system rollback using System Restore. This Windows feature takes a snapshot of a computer, OS and apps, and saves it for emergencies such as this.
  8. Scan for malware. A virus check for a persistent BSOD is a good idea. Users should restart their computers in safe mode by hitting F5 at boot for the menu option and then run their antivirus software. An even better option is to have a USB drive with a preinstalled antivirus to boot from rather than the computer. However, users must plan ahead to create and use such a USB drive.
  9. Use the Blue Screen Troubleshooter. Both Windows 10 and Windows 11 have the Get Help app that integrates a useful troubleshooting tool. After rebooting in safe mode, type "Troubleshoot BSOD error" in the Get Help app and then follow the guided process to help troubleshoot BSOD issues.
  10. Start over with a clean install. As a last-resort option, users can reset Windows or perform a clean install. However, users should back up all important data to an external hard drive before reinstalling Windows.
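
An added example, not part of the original article: a read-only PowerShell script for steps 1 and 3 that recovers past stop codes from the System event log and lists updates installed in the week before the latest crash. The function name, the seven-day window and the English event-message pattern are assumptions made for this example.

```powershell
# Added example (not from the original article). Read-only triage for steps 1 and 3.
# Assumes an English-language event message; run from an elevated PowerShell prompt.

# Stop codes named in this article, keyed by their bugcheck number.
$StopCodes = @{
    '0x0000000A' = 'IRQL_NOT_LESS_OR_EQUAL'
    '0x0000001E' = 'KMODE_EXCEPTION_NOT_HANDLED'
    '0x00000024' = 'NTFS_FILE_SYSTEM'
    '0x0000002E' = 'DATA_BUS_ERROR'
    '0x00000050' = 'PAGE_FAULT_IN_NONPAGED_AREA'
}

function Get-BugcheckHistory {
    param([int]$MaxEvents = 10)
    # Windows logs event 1001 in the System log on the first boot after a bugcheck.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'
        Id           = 1001
    }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            if ($_.Message -match 'bugcheck was:\s*0x([0-9a-f]+)') {
                $code = '0x' + $Matches[1].ToUpper().PadLeft(8, '0')
                $name = $StopCodes[$code]
                if (-not $name) { $name = '(not listed in this article)' }
                [pscustomobject]@{ RebootLogged = $_.TimeCreated; StopCode = $code; Name = $name }
            }
        }
}

$crashes = @(Get-BugcheckHistory)   # newest event first
$crashes | Format-Table -AutoSize

# Step 3: updates installed in the 7 days before the most recent crash (assumed window).
if ($crashes.Count -gt 0) {
    $latest = $crashes[0].RebootLogged
    Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -le $latest -and
                       $_.InstalledOn -ge $latest.AddDays(-7) } |
        Sort-Object InstalledOn -Descending |
        Format-Table HotFixID, Description, InstalledOn -AutoSize
}

# Minidump files to keep with the incident record, newest first.
Get-ChildItem "$env:SystemRoot\Minidump" -Filter *.dmp -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending |
    Select-Object Name, LastWriteTime, Length
```

The script changes nothing on the system, so it can be run before any of the repair steps that follow.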

Prevention measures for BSOD

Though not all BSOD incidents can be easily prevented by users, the following steps can be taken to reduce the risk:

  • Keep Windows and drivers updated. Regularly update the Windows OS and device drivers to ensure compatibility and fix known issues.
  • Use reliable antivirus/antimalware software. Install and maintain up-to-date antivirus software with an active scanner and firewall to protect against malware that can potentially trigger a BSOD.
  • Monitor system performance. Use built-in Windows tools, including the Resource Monitor, to keep an eye on system performance and identify potential issues before they cause a BSOD.
  • Maintain proper hardware cooling. Monitor system temperature and ensure the system is functioning correctly to prevent overheating. Part of that effort can be as easy as cleaning dust from fans and vents regularly.
  • Avoid overclocking. Refrain from overclocking system resources beyond manufacturer specifications, as this can lead to system instability and a BSOD.
  • Be cautious with new software installations. Only download and install software from reputable sources to minimize the risk of malware or incompatible programs.
  • Perform regular disk checks. Use Windows' built-in tools, such as CHKDSK, to scan for and repair disk errors that could lead to system crashes.
  • Run memory diagnostics. Periodically use the Windows Memory Diagnostic tool to check for RAM issues that could cause a BSOD.

BSOD in different Windows versions

The BSOD screen has changed over the years across multiple versions of Windows.

Up to Windows 7, the BSOD was full of hardware information that was useless to most users.

This is the old blue screen of death format.

Starting with Windows 8, Microsoft scaled down the amount of information and put a large sad emoticon on the screen. It also put a QR code on the screen so users can look up the cause of the blue screen with their smartphones.

This is the new BSOD format with Windows 10.

Windows 11 briefly experimented with a black screen before reverting to blue.

The CrowdStrike BSOD

Perhaps the most infamous BSOD ever occurred in July 2024 with the CrowdStrike incident.

CrowdStrike is an endpoint security vendor whose technology is widely deployed in large enterprise and mission-critical operations across the transportation, healthcare, financial services and media sectors.

The CrowdStrike Falcon endpoint agent hooks into Microsoft Windows as a kernel process. A logic flaw in an automated update for CrowdStrike triggered a BSOD that had a massive impact on IT around the world.

BSOD in non-Windows systems

A BSOD is specific to Microsoft Windows OS, but there are somewhat similar kinds of critical errors on non-Windows systems.

In both Linux and Apple macOS there is the concept of a kernel panic. That error screen can vary based on OS version. Much like a BSOD, a kernel panic is triggered by bad code interacting with the OS kernel, which then renders the system unstable.

This was last updated in July 2024
