
Microsoft has launched a USB recovery tool designed to repair PCs and other machines impacted by a problematic CrowdStrike update, as announced in a recent blog post. IT administrators can create a bootable USB drive to expedite the repair process and restore disrupted devices. Previously, CrowdStrike disclosed that its faulty update for Falcon Sensor affected nearly 8.5 million Windows devices worldwide, causing the infamous ‘blue screen of death’ (BSOD).
Microsoft’s Recovery Tool Details
In a blog post under the ‘Intune Customer Success’ section, Microsoft introduced an updated recovery tool offering two repair options: recovery from WinPE and recovery from Safe Mode. This signed tool is available for download from the Microsoft Download Center.
According to Microsoft, the WinPE recovery option allows users to repair their machines without needing local administrative privileges. However, if BitLocker is enabled, users may need to enter the BitLocker key to repair the affected system. Microsoft recommends this option for most users.
For users without access to their BitLocker key, the Safe Mode recovery option is available. This option requires users to boot the Windows PC into safe mode and log in with local administrative privileges. Microsoft advises using this approach only for machines that are not encrypted or if the BitLocker key is unknown.
If the device cannot connect to USB devices, Microsoft suggests imaging the device.
The USB drive, which will be used as a bootable recovery drive, must have a minimum storage capacity of 1GB and a maximum of 32GB. Additionally, the PC must run on a 64-bit Windows client with at least 8GB of free space to operate the recovery tool.
Incident Overview
The new recovery tool aims to fix Windows PCs and servers affected by the CrowdStrike Falcon Sensor update. Released on Friday, the tool addresses the widespread BSOD issue reported on Windows PCs globally, affecting Microsoft services including Azure, Store, and Office 365.
Media reports indicate that the update disrupted services in various institutions such as banks, airports, and IT companies, leading to flight cancellations or rescheduling due to “technical problems.” Additionally, Australia’s ABC News reported being affected by the update.
CrowdStrike CEO George Kurtz said that issue stemmed from a “defect in a single content update” for the Windows platform, with no reported impact on devices running Linux or Mac.