Microsoft releases CrowdStrike Recovery Tool — admits 8.5 million Windows devices were affected by the BSOD issue


Microsoft has released an official Recovery Tool that allows developers and system administrators to quickly recover CrowdStrike-affected computers. While there is already a step-by-step solution to resolve the Blue Screen of Death (BSoD) problem, solving it manually can take a long time, especially if only a few people know or are even authorized to do it. Meanwhile, some organizations will have to handle hundreds, if not thousands, of affected computers.

The CrowdStrike update that caused the massive IT crash last Thursday was installed remotely, rolling out to those affected via an automatic update. However, the fix for the issue it caused can only be done through a user working directly on the affected machine. This means thousands of IT staff will be working overtime this week trying to resolve the issue.

Microsoft estimates that over 8.5 million Windows machines were affected by the update, and it has already deployed staff to help customers resolve the issue. Furthermore, the Redmond company has worked directly with CrowdStrike, as well as other enterprise providers like Google Cloud Platform and Amazon Web Services, to find the most effective approaches to fixing all affected computers.

While the software giant says that the 8.5 million figure is less than 1% of all Windows machines in the world, it still made a significant impact on thousands of organizations and critical infrastructure worldwide. Aside from affecting airports and airlines, media organizations like the BBC, hospitals, and even the 911 emergency hotline of several states have been offline for several hours since the rogue update disabled their systems.

For those who aren't familiar, CrowdStrike is a security solutions provider and is an alternative to Microsoft's own enterprise-grade Microsoft Defender for Endpoint. Since these security programs run at the kernel level, an error at this level means that the computer could stop booting and crash. A restart would not fix the issue, though, since when you reboot your PC, the issue would still occur at the same point.

Deploying Microsoft's CrowdStrike Recovery Tool

Microsoft shares a set of prerequisites and step-by-step instructions for using the new Recovery Tool. For example, you will need at least 8GB of free space on the affected machine. Also, admin privileges, a BitLocker recovery key for all machines using this encryption, and a USB boot drive with at least 1GB capacity are required. It also helpfully tells users how to download and prepare the thumb drive, and how to enter Safe Mode to recover the system. Once done, the computer can be up and running again as if nothing happened.

Microsoft's announcement about the CrowdStrike issue focuses on the steps it is taking to help its customers resolve the issue. But we cannot help but notice the software giant throwing some shade at CrowdStrike. Microsoft said, "CrowdStrike has helped us develop a scalable solution that will help Microsoft's Azure infrastructure accelerate a fix for CrowdStrike's faulty update." It added, "It's also a reminder of how important it is for all of us across the tech ecosystem to prioritize operating with safe deployment and disaster recovery using the mechanisms that exist."

This massive IT outage has shown us how vulnerable our systems become when they rely on just a few vendors. This accidental error caused massive inconveniences globally and millions of dollars in lost productivity. How much more damage could malicious actors do if they managed to access these channels?

Jowi Morales
Contributing Writer

Jowi Morales is a tech enthusiast with years of experience working in the industry. He’s been writing with several tech publications since 2021, where he’s been interested in tech hardware and consumer electronics.

  • torbjorn.lindgren
    No, you don't need 8GB free space on the affected machines as this article claims (first paragraph in Deploying Microsoft's CrowdStrike Recovery Tool). The MS article says that the machine building the USB drive needs 8 GB of free space (makes sense that it needs some temporary space); there's no free space requirement for the affected machines.
  • CmdrShepard
    I find the fact that Microsoft has invested resources (which Microsoft's own developers say are scarce whenever you press them to fix some bug in one of their GitHub repos) into developing this tool speaks volumes about who both CrowdStrike and Microsoft seem to be working for.

    See, if that was a Kaspersky or ESET failure they probably wouldn't lift a finger to help. But since CrowdStrike is so obviously backed by 3-letter agencies they had to soften the blow to save their reputation. The fact that big names didn't immediately uninstall Falcon after this mess and sue CrowdStrike for damages and straight into oblivion tells us who is behind it all and that everyone is in on it.
  • JRStern
    The whole auto-update mechanism is a black hole in any purported security framework.
  • garrett040
    CmdrShepard said:
    I find the fact that Microsoft has invested resources (which Microsoft's own developers say are scarce whenever you press them to fix some bug in one of their GitHub repos) into developing this tool speaks volumes about who both CrowdStrike and Microsoft seem to be working for.

    See, if that was a Kaspersky or ESET failure they probably wouldn't lift a finger to help. But since CrowdStrike is so obviously backed by 3-letter agencies they had to soften the blow to save their reputation. The fact that big names didn't immediately uninstall Falcon after this mess and sue CrowdStrike for damages and straight into oblivion tells us who is behind it all and that everyone is in on it.
    What evidence is there for CrowdStrike being backed by US Govt intel agencies?
  • CmdrShepard
    garrett040 said:
    What evidence is there for CrowdStrike being backed by US Govt intel agencies?
    All the accusations not backed by evidence which they provided on behalf of those agencies blaming Russia, China, and North Korea every chance they got?

    There's evidence they have deep cooperation with intel agencies.
  • JerryMick
    CmdrShepard said:
    All the accusations not backed by evidence which they provided on behalf of those agencies blaming Russia, China, and North Korea every chance they got?

    There's evidence they have deep cooperation with intel agencies.
    garrett040 said:
    What evidence is there for CrowdStrike being backed by US Govt intel agencies?
    You mean except the fact that chief security of CrowdStrike is... a former FBI senior executive.