Microsoft Launches Windows Recovery Tool For CrowdStrike Outage

‘As a follow-up to the CrowdStrike Falcon agent issue impacting Windows clients and servers, Microsoft has released an updated recovery tool with two repair options to help IT admins expedite the repair process,’ Microsoft says.

Following the faulty CrowdStrike update that caused chaos for millions of Microsoft customers and businesses, the software giant has now released a free tool to help clients recover from the CrowdStrike fiasco that left a whopping 8.5 million Windows devices down.

Microsoft’s new tool is designed to let IT administrators recover from the blue screen of death (BSOD) in a more automated way. Instead of customers simply trying to turn the machines off and on several times when running virtual machines inside Azure, Microsoft launched a new, updated fix on Sunday to help users who are still affected.

“As a follow-up to the CrowdStrike Falcon agent issue impacting Windows clients and servers, Microsoft has released an updated recovery tool with two repair options to help IT admins expedite the repair process,” said Microsoft in an updated blog post on Sunday.

The post includes detailed recovery steps for Windows clients, servers and OSes hosted on Microsoft Hyper-V.

The new Microsoft recovery tool, which can be found in the Microsoft Download Center, comes with two repair options and supports Windows clients, servers and operating systems hosted virtually on Hyper-V. CRN breaks down these two main repair options below.

Microsoft’s Recovery Tool For Windows PE

The first option, dubbed “Recover from WinPE,” leverages the Windows PE (WinPE) recovery environment.

“This option produces boot media that will help facilitate the device repair,” Microsoft said.

Recover from WinPE aims to quickly and directly recover systems and does not require local admin privileges. The tool uses a USB drive to access the computer’s drive and automatically delete the corrupt file, according to Microsoft.

Microsoft said Recover from WinPE is not entirely automatic for some users. For example, if BitLocker encryption is in use, the recovery key will need to be entered manually.

Microsoft’s ‘Recover From Safe Mode’ Tool

The second Microsoft recovery option is dubbed “Recover from safe mode.”

“This option produces boot media so impacted devices can boot into safe mode. The user can then login using an account with local admin privileges and run the remediation steps,” Microsoft said.

The “Recover from safe mode” option may enable recovery on BitLocker-enabled devices without requiring the entry of BitLocker recovery keys, according to Microsoft.

This option attempts recovery from safe mode, requires an account with local admin rights and “should only be used with devices using TPM-only protectors, devices that are not encrypted, or situations where the BitLocker recovery key is unknown,” Microsoft said.

Microsoft is warning users that they should test these two recovery tool options on multiple devices prior to using them broadly in a production environment.

Last Option For Recovery

If those two options do not work, Microsoft is saying that IT administrators can use PXE to remediate the CrowdStrike issue.

“To use this solution, you can use the Windows Imaging Format (WIM) that the Microsoft Recovery Tool creates in an existing PXE environment as long as the impacted devices are on the same subnet as the PXE server,” Microsoft said.

Alternatively, users can use a PXE server approach, which works best when the PXE server can be moved from subnet to subnet easily for remediation purposes, Microsoft said.