Microsoft has released an official recovery tool to help developers and system administrators quickly recover computers affected by the faulty CrowdStrike update. Although step-by-step solutions already exist to resolve the Blue Screen of Death (BSoD) issue, applying them manually can take a long time, especially when only a few people know the procedure or are authorized to carry it out. Meanwhile, some organizations may have to deal with hundreds or even thousands of affected computers.
The CrowdStrike update that caused the massive IT crash last Thursday was installed remotely and deployed to affected users via automated updates, but the fix could only be applied by someone working directly on each affected machine, meaning thousands of IT staff are working overtime this week to try to resolve the issue.
Microsoft estimates that more than 8.5 million Windows machines were affected by the update, and it’s already deploying staff to help customers troubleshoot the issue. The Redmond company is also working directly with CrowdStrike and other enterprise providers, including Google Cloud Platform and Amazon Web Services, to find the most effective way to fix all affected computers.
While the software giant claims that the 8.5 million figure represents less than 1% of Windows machines worldwide, the outage still had a significant impact on thousands of organizations and critical infrastructure around the world. In addition to impacting airports and airlines, media organizations such as the BBC, hospitals, and even 911 emergency hotlines in several states were taken offline for several hours after the faulty update disabled their systems.
For those who don’t know, CrowdStrike is a security solutions provider and an alternative to Microsoft’s own enterprise-grade Microsoft Defender for Endpoint. These security programs run at the kernel level, so any error at this level can crash your computer and prevent it from booting. Rebooting doesn’t fix the problem, because the crash recurs at the same point every time the PC starts.
Microsoft has published a set of prerequisites and steps for using the new recovery tool. For example, the affected machine must have at least 8 GB of free space. You will also need administrative privileges, a BitLocker recovery key for every machine that uses this encryption, and a USB boot drive with at least 1 GB of space. Microsoft also provides clear instructions on how to download the tool and prepare the thumb drive, and how to enter Safe Mode to recover the system. Once complete, your computer will be up and running again as if nothing had happened.
Microsoft’s announcement on the CrowdStrike issue has been focused on its efforts to help customers resolve the issue. However, it’s hard not to notice the software giant criticizing CrowdStrike. “CrowdStrike helped us develop a scalable solution that helped Microsoft Azure infrastructure expedite the remediation of CrowdStrike’s faulty updates,” Microsoft said. It added, “This is a reminder of how important it is for all of us across the technology ecosystem to use existing mechanisms to prioritize secure deployment and disaster recovery.”
This massive IT outage showed us how vulnerable systems are when they rely on just a few vendors. This accidental error caused major inconvenience around the world and millions of dollars in lost productivity. Imagine how much damage a malicious actor could do if they had access to these channels.