July 21st, 2024

New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints

Microsoft released a new recovery tool to fix the CrowdStrike Falcon agent issue on Windows. It requires a 64-bit Windows client, admin rights, a 1GB USB drive, and the BitLocker recovery key. The tool creates a bootable USB drive for repair. It is not integrated with Microsoft Intune.


A new recovery tool has been released by Microsoft to address the CrowdStrike Falcon agent issue affecting Windows clients and servers. The tool, available for download from the Microsoft Download Center, aims to assist IT Admins in expediting the repair process. It requires a Windows 64-bit client with administrative privileges and a USB drive with at least 1GB of free space. Users must also have the BitLocker recovery key for impacted devices. The tool involves executing a PowerShell script to create a bootable USB drive, which is then used to repair affected devices by following specific steps during the reboot process. Microsoft emphasizes that this tool is not integrated with Microsoft Intune but is shared as a support tip to aid customers. For further details and instructions, users are directed to the provided links for additional information on the CrowdStrike issue and recovery steps.

Related

CrowdStrike code update bricking PCs around the world

CrowdStrike's Falcon Sensor update triggers Windows crashes with Blue Screen of Death due to csagent.sys file issues. Workaround involves file deletion in Safe Mode. CrowdStrike is addressing the problem.

CrowdStrike fixes start at "reboot up to 15 times", gets more complex from there

A faulty update to CrowdStrike's Falcon security software caused Windows crashes, impacting businesses. Microsoft and CrowdStrike advise rebooting affected systems multiple times or restoring from backups to resolve issues. CrowdStrike CEO apologizes and promises support.

Crowdstrike – Statement on Falcon Content Update for Windows Hosts

CrowdStrike addresses a Windows host content update defect and reassures customers that Mac and Linux hosts are safe. The issue, not a cyberattack, is resolved. Impacted customers receive support and guidance for recovery.

Microsoft: Helping our customers through the CrowdStrike outage

CrowdStrike released a global software update causing IT disruptions. Microsoft collaborated to aid affected users, deploying engineers and sharing remediation instructions. Industry collaboration is crucial for resolving rare incidents effectively.

Microsoft says 8.5M Windows devices were affected by CrowdStrike outage

Microsoft reported that a CrowdStrike outage impacted 8.5 million Windows devices globally, causing disruptions in banking, retail, and transportation. Collaboration with tech giants is ongoing to address cybersecurity risks efficiently.

11 comments
By @etskinner - 6 months
Really impressive that they got thru an entire develop, build, approval, and documentation process in just about 2 days. Not that any of those steps are extremely hard for this fix, but I'm always impressed when big corporations can move so fast
By @gnfargbl - 6 months
Given the harm that Crowdstrike caused Microsoft here, it does seem like they missed an opportunity in not calling this tool Blue Falcon.
By @ComputerGuru - 6 months
We released ours the same day as the mass crashes :)

https://x.com/mqudsi/status/1814367837940515098

By @rdtsc - 6 months
It's interesting Microsoft is dealing with this. I wonder how they feel about CS? Can't imagine they are happy with them. So I would guess it's less of "let's work with our friends at CS" and more like "Those $#%!, they made a mess and we're left to clean it up".

I've already heard from multiple non-technical people presenting this as a "Microsoft problem". "Omg, did you hear what Microsoft just did to their customers?". I don't know if CS is subtly pulling strings to look less guilty, but it probably just happens by simple association "blue screen of death = Windows problem". Can't imagine Microsoft is too happy to take this kind of a reputational hit.

By @NelsonMinar - 6 months
This tool requires you to physically plug in a USB device and then touch the keyboard. One at a time. I can imagine it has to be this way but ouch, that is a lot of manual work. At least it's simple enough to train someone to do it.
By @ok123456 - 6 months
They should add CS Falcon to their malware definitions in Windows Defender. Crowdstrike has proved that its software is indistinguishable from malware.

Also, while they're at it, add Trellix.

By @bloopernova - 6 months
Did anyone write a script to remove the file directly from VM disks, rather than booting the OS? Or does crowdstrike somehow prevent that solution?
By @jaredhallen - 6 months
We were doing something similar with our SCCM boot drives. Boot off the stick, press F8 for cmd prompt, use manage-bde to unlock bitlocker, and delete the files from the cmd prompt.
By @mikemitchelldev - 6 months
Very carefully worded blog post title.
By @andrewmcwatters - 6 months
People have been talking about how this is a CrowdStrike issue, and such on Reddit, etc. But in my opinion, it's appalling that Windows can allow this to happen.