CrowdStrike: Microsoft launches tool to save crashed Windows PCs

If your Windows computer is still experiencing Blue Screens of Death following the faulty CrowdStrike update, Microsoft’s new recovery tool will help you fix it.

Source: Microsoft

Microsoft has released a recovery tool to help system administrators repair machines affected by the CrowdStrike fiasco. It should make it possible to quickly restart the machines that have remained out of service since the end of last week.

For vacationers who were too busy sunbathing on a beach to follow this soap opera, it all started last Friday with CrowdStrike, a cybersecurity company which is one of the service providers used by Microsoft. The point of origin was Falcon Sensor, a tool that allows virtual probes to be installed at the heart of an operating system to close the door to certain types of attacks.

Microsoft / CrowdStrike outage: How can the problem be corrected?

Like all cybersecurity products, Falcon Sensor undergoes regular updates to keep up with the latest threats, and that’s exactly what the company did last Friday with a routine update. However, the operation did not go as planned. The deployment contained an error that caused the famous Blue Screen of Death on millions of PCs all over the planet. The incident caused an IT disruption of historic proportions, with many essential services (banks, airports, government services, etc.) paralyzed.

CrowdStrike quickly deployed a patch, but not all affected computers could directly benefit from it. A large portion of catatonic PCs had to be rescued by hand with a relatively time-consuming method that involved restarting the machine in safe mode to delete problematic files.

A recovery tool and remediation hub

In an effort to speed up and simplify the solution, Microsoft has created a new dedicated tool. To benefit, you must start by downloading the Microsoft recovery tool at this address. It allows you to transform a simple USB key into a kind of digital defibrillator. Once plugged in, it automatically accesses the hard drive to delete files associated with the dysfunctional update, allowing the computer to restart normally. It also works on systems protected by encryption solutions like BitLocker. Good news for administrators, especially those who manage a large number of PCs.

CrowdStrike, for its part, has also published a “remediation hub”. It brings together all the details needed to resolve the issue on a bunch of different systems, from Windows 10 PCs to Azure virtual machines.

Phishing: Fake CrowdStrike patches used to target businesses with malware!

Since Friday 19 July 2024, when the release of the CrowdStrike update caused a big mess on a global scale, many companies have been looking for help. Cybercriminals have understood this well: they have implemented several malicious campaigns to take advantage of the situation. Let’s do a check-in.

Whether from CrowdStrike or agencies specializing in cybersecurity, the message is the same: several malicious actors are trying to take advantage of the situation to carry out cyberattacks. And for good reason, with a total of 8.5 million Windows PCs out of service worldwide, bringing these machines back online represents a colossal job and an opportunity for attackers.

Several campaigns have already been identified using the following techniques:

  • Sending phishing emails to customers pretending to be CrowdStrike support.
  • Impersonating CrowdStrike staff during phone calls.
  • Pretending to be independent researchers by claiming to have proof that this technical problem is linked to a cyberattack and offering solutions to protect users.
  • Selling scripts that claim to automate the recovery of machines impacted by the update problem.

Indeed, CrowdStrike has warned users against counterfeits. In recent days, hackers have been circulating a malicious archive called crowdstrike-hotfix.zip, taking advantage of the chaos to try to infiltrate critical systems. So be sure to only use the recovery tool downloaded directly from the Microsoft website to avoid any unpleasant surprises.

If you’re concerned about this issue, our cybersecurity experts are ready to assist and support your organization in safeguarding against such disruptions. Our team can help you implement preventive measures to reduce the risk of similar incidents, including robust update management and comprehensive testing procedures. We can also provide immediate support to address any current vulnerabilities and work towards a swift recovery for your affected systems.