Posted on 07/22/2024 6:32:27 AM PDT by Red Badger
IT admins now have a quicker way to get machines up and running again after CrowdStrike’s faulty update.
Microsoft has released a recovery tool that’s designed to help IT admins repair Windows machines that were impacted by CrowdStrike’s faulty update that crashed 8.5 million Windows devices on Friday. The tool creates a bootable USB drive that IT admins can use to help quickly recover impacted machines.
While CrowdStrike has issued an update to fix its software that led to millions of Blue Screen of Death errors, not all machines are able to automatically receive that fix. Some IT admins have reported that rebooting PCs multiple times will get the necessary update, but for others the only route is having to manually boot into Safe Mode and delete the problematic CrowdStrike update file.
Microsoft’s recovery tool now makes this recovery process less manual, by booting into its Windows PE environment via USB, accessing the disk of the affected machine, and automatically deleting the problematic CrowdStrike file to allow the machine to boot properly. This avoids having to boot into Safe Mode or a requirement of admin rights on the machine, because the tool is simply accessing the disk without booting into the local copy of Windows. If a disk is protected by BitLocker encryption, the tool will prompt for the BitLocker recovery key and then continue to fix the CrowdStrike update.
The recovery tool has also been updated to include a new PXE boot option, and even a boot to Safe Mode option that allows IT admins to access BitLocker-enabled devices without a recovery key. You’ll need to have access to an account with local administrator rights on the device if you pick the Safe Mode option.
Microsoft also has separate recovery steps available for Windows Virtual Machines running on Azure, and the company has also published recovery steps for all Windows 10 and Windows 11 devices over at its support site.
Update, July 22nd: Microsoft updated its recovery tool over the weekend with more options for IT admins.
We have a couple of Windows 3.1 and Windows 95 and 98 computers here that have old but reliable software on them........
I wonder if this bug affected government/military IT systems?
The good ole TIP method of testing.
Or any Windows machine not running CrowdStrike.
I have my issues with Microsoft but this was not their issue.
CrowdStrike could have broken their EDR platform for Linux just as easily.
Thanks a lot CrudSuck
I wonder will lawsuits be forthcoming for damages and business lost?
Will there be TV commercials?...............🙄
That's a valid point. However, I don't know if Linux allows the Linux CrowdStrike agent enough privilege to actually panic the kernel. I suspect not, but I'm pinging ShadowAce for an opinion.
NOPE. The agreement the end user has with CrowdStrike only allows for recovery of the "fees paid", that is, the purchase price. Nothing else. Too bad, suckas.
The customers are screwed..............
I agree that MS was not directly involved in this.
But the fact remains that it was the combination of CrowdStrike running on Windows machines.
I would doubt it. However, without knowing the details of the agent, it's hard to say. User-space programs rarely, if ever, have that kind of access to the kernel.
Recovery tool is to switch to a personally modified Linux distribution OS.
CrowdStrike will go bankrupt if every licensed computer user and licensed computer workstation gets a refund.
Do it...you folks out there.
This is hopeful and might save companies like yours and many others. Kind of a "forewarned is forearmed" thing. This mess might have been a blessing in disguise for those who ignore the reality of a possible future cyber attack.
IMO the fundamental Windows issue is that, although the original concept in Win-NT was to keep third-party code out of the kernel, it only took a few years for Microsoft to start inserting all sorts of things to run in kernel space; drivers for interactive devices for better performance especially. At that point the gate was open and drivers piled into the kernel whether they needed to be there or not. Any one of them could hang the system, crash the system, BSOD, etc.
So while this current debacle is correctly laid at CrowdStrike's feet, Microsoft needs to take the blame for screwing the kernel, back 25+ years ago, and making the debacle possible. Indeed, inevitable.
Every company needs 2 or 3 “down time” procedures.
Might find out computers may not be necessary to manage a company's functions. Computers are great info backup devices, or calculation enhancers, but unreliable in a very discordant digital information exchange environment.
Wrong.... so says Perplexity
https://www.perplexity.ai/search/southwest-airlines-who-kept-ru-WJvGA.QVTk2sDoKxnquyBA
>>>>>>> Southwest Airlines was largely unaffected by the recent CrowdStrike outage that impacted many other airlines and organizations.
However, the claim that this was due to Southwest running Windows 3.1 or Windows 95 is unfounded and appears to be based on misinformation.
The rumor seems to have originated from a misinterpretation of earlier reports about Southwest’s in-house crew scheduling applications looking outdated, which some likened to Windows 95-era software.
There is no credible evidence that Southwest actually runs its critical systems on Windows 3.1 or Windows 95.
While Southwest did experience fewer disruptions compared to other airlines during this incident, the exact reasons for this are not publicly known and are not related to running decades-old operating systems.