Microsoft Releases CrowdStrike 'Issue' Recovery Tool

Over the past weekend, millions of people around the world learned the name of the cybersecurity company CrowdStrike—not for preventing PC armageddon, but for causing it. CrowdStrike famously pushed a faulty update to enterprise Windows machines early Friday morning, causing millions of PCs to get stuck in a blue screen of death loop that caused chaos around the world. The company has been working furiously to “fix the glitch” since then, and now Microsoft has released a tool IT admins can use if the affected machines are still offline.
Microsoft says the recovery tool is for systems affected by the “CrowdStrike issue,” which we thought was an interesting word to use as opposed to something with expletives. It allows for the creation of a USB recovery drive that admins can use to expedite the repair process. Prior to this, the most recommended solution was to keep rebooting a machine until the correct file was pushed to the system, or to boot each impacted computer into Safe Mode and then go into the CrowdStrike directory to manually delete the file causing the issues. The recovery tool should be a bit quicker than either approach. Microsoft includes detailed instructions for using the tool on its recovery page.
Three days post-apocalypse, the totality of the fallout from this disaster remains to be seen. Microsoft has estimated CrowdStrike’s faulty update impacted 8.5 million Windows PCs, but that seems conservative. CrowdStrike is keen to point out that number is just 1% of all Windows devices around the globe, but there’s no denying how disruptive the event was for airlines, hospitals, banking, shipping, and countless businesses.
CrowdStrike has issued a public apology for its role in this mess and says its engineers have been working around the clock to resolve it. If there’s an upside to this situation, it’s that it will likely prompt companies to ensure they have a contingency plan in place for future disruptions, ensuring they can quickly restore systems from backups.
It has also spurred people to question how it happened in the first place, with one security researcher telling Reuters that CrowdStrike software is updated so often with re-used code from previous updates that it probably wasn’t tested thoroughly. The researcher also said these updates are typically pushed to a small batch of computers first so that a bad update doesn’t cause a global meltdown like we witnessed Friday.
One small twist of fate is also worth mentioning: The last widespread IT cataclysm was in 2010 when a faulty update for McAfee’s security software brought down tens of thousands of computers. Back then, George Kurtz was the CEO of McAfee. He is now the CEO of CrowdStrike.