Microsoft Releases CrowdStrike Recovery Tool 🛠
Microsoft has released a recovery tool aimed at helping IT administrators repair Windows machines affected by CrowdStrike’s faulty Falcon agent update, which crashed 8.5 million devices last Friday. The tool generates a bootable USB drive that lets IT admins quickly recover impacted systems.
To use the tool, admins need a 64-bit Windows client with at least 8 GB of free space and administrative privileges to create the bootable USB drive.
Microsoft has deployed hundreds of engineers and experts to work directly with customers to restore services.
The issue originated from a routine sensor configuration update pushed to Windows systems on July 19, 2024. The update triggered a logic error, which left critical computer systems worldwide showing blue screen errors.
“While the percentage was small, the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services,” Microsoft stated.
Although CrowdStrike has released an update to resolve the software issue responsible for the outage, not all machines can automatically receive this fix. Some IT admins have found that rebooting PCs multiple times can apply the necessary update, but for others, the only solution has been to manually boot into Safe Mode and remove the problematic CrowdStrike update file.
Microsoft’s recovery tool simplifies this process by booting into the Windows PE environment via USB, accessing the affected machine’s disk, and automatically deleting the problematic CrowdStrike file. This method eliminates the need to boot into Safe Mode or have admin rights on the machine, as the tool accesses the disk without booting into the local copy of Windows. If the disk is protected by BitLocker encryption, the tool will prompt for the BitLocker recovery key before proceeding to fix the CrowdStrike update.
Additionally, Microsoft has provided separate recovery instructions for Windows Virtual Machines running on Azure and published recovery steps for all Windows 10 and Windows 11 devices on its support site.
Additional links from CrowdStrike and other technology vendors:
- Workaround steps for individual hosts
- Workaround steps for public cloud or similar environment including virtual
- AWS-specific documentation
- Azure environments – CrowdStrike Falcon agent guidance from Microsoft
- User Access Recovery Key in the Workspace ONE Portal
- Windows encryption management via Tanium
- Bitlocker recovery via Citrix
- Intel vPro® technology remediation guide
- CrowdStrike and Rubrik Customer Content Update Recovery For Windows Hosts
- Recovery Tool to help with CrowdStrike issue impacting Windows endpoints