Updated, Tuesday, July 23: This article has been updated to add details of an alternative free automated solution for Windows and VMware users.
Microsoft has released a free tool to help people recover from the faulty CrowdStrike update that led to one of the biggest IT disasters to date. The tool is designed to enable IT admins to recover from the blue screen of death boot loop that has left 8.5 million Windows machines out of action.
Although CrowdStrike itself has issued guidance on recovery, as well as another update that fixes the corrupt file at the center of things, getting past the blue screen of death issue is not simple when so many devices are impacted. Microsoft itself has already suggested that those affected by the CrowdStrike issue should try turning it off and on again multiple times if they are running virtual machines inside Azure. This new fix is designed to help where these have failed or not been possible.
Microsoft’s CrowdStrike Recovery Tool
The new Microsoft CrowdStrike recovery tool comes with two distinct repair options and includes choices for those using Windows clients, servers and operating systems hosted virtually on Hyper-V.
Option one is the recommended route from Microsoft and enables recovery by using the Windows PE recovery environment. “This option quickly and directly recovers systems and does not require local admin privileges,” Microsoft said. The tool does this by way of USB to access the computer drive and delete the corrupt file automatically. Microsoft concedes that it’s not entirely automatic for some users; if BitLocker encryption is in use, then users will need to enter the recovery key manually, for example.
The second option, Microsoft said, “may enable recovery on BitLocker-enabled devices without requiring the entry of BitLocker recovery keys,” although “may” could be doing a lot of heavy lifting here. This attempts recovery from safe mode, requires an account with local admin rights and should only be used with devices “using TPM-only protectors, devices that are not encrypted, or situations where the BitLocker recovery key is unknown.”
There are some prerequisites when it comes to creating the recovery boot media that admins need to be aware of:
- A Windows 64-bit client with at least 8GB of free space from which the tool can be run to create the bootable USB drive.
- Administrative privileges on the Windows client.
- A USB drive with a minimum of 1GB and a maximum of 32GB. All existing data on this USB will be wiped and will be formatted automatically to FAT32.
Microsoft has warned users that they should test the recovery tool on multiple devices prior to using it broadly in a live operating environment.
The full instructions for all options can be found here.
Fenix24 Offers Alternative Scripted Solution For Windows And VMware Users
Disaster recovery specialist and CrowdStrike partner Fenix24 has released a set of fully automated and totally free recovery scripts to be used in restoring operations suffering from the blue screen of death at scale. The solution works with both desktops and virtual servers and prevents the need for purely manual patch intervention, a company spokesperson said.
The open-source fix for Windows and VMware works in a slightly different way for each platform. The Windows scripts will force a reboot of the machine into safe mode, from where the problematic .sys file can be removed. On devices where the drive is BitLocker-protected, the decryption key will still need to be entered manually first; there isn’t any easy way around that, for obvious security reasons. The VMware scripts, meanwhile, use a working server to ‘detach’ the virtual disk before mounting it and deleting the file in question, then unmounting and reattaching it before reboot. All automatically.
Rather than respond to all the requests for Fenix24 engineers to come onsite to remediate the issue, it was decided that a more efficient method would be to develop “a scalable remediation solution in real-time to help everyone solve this problem and publish it for free,” said Heath Renfrow, Fenix24 co-founder.