Microsoft has released an updated recovery tool to assist customers affected by the recent CrowdStrike Falcon agent issue that impacted millions of Windows devices worldwide.
The new tool, available for download from the Microsoft Download Center, offers two repair options to help IT administrators expedite the recovery process for affected machines.
Two Repair Options
The recovery tool now provides two methods for repairing impacted systems:
- Recover from WinPE (recommended): This option allows for quick and direct system recovery without requiring local admin privileges. However, users may need to manually enter the BitLocker recovery key if BitLocker is enabled on the device.
- Recover from safe mode: This method may enable recovery on BitLocker-enabled devices without requiring the entry of BitLocker recovery keys. However, access to an account with local administrator rights on the device is required.
To use the recovery tool, IT administrators need:
- A 64-bit Windows client with at least 8GB of free space
- Administrative privileges on the Windows client
- A USB drive with 1-32GB capacity
- BitLocker recovery keys for affected devices (if applicable)
The tool creates a bootable USB drive that can be used to access and repair affected systems. Microsoft has provided detailed instructions for downloading, preparing, and using the recovery media.
Microsoft estimates that the CrowdStrike update affected approximately 8.5 million Windows devices globally, representing less than 1% of all Windows machines. Despite this relatively small percentage, the incident caused significant disruptions across various industries and critical infrastructure worldwide.
Here’s how the tool works:
- Creation of Recovery Media:
  - IT administrators download the signed Microsoft Recovery Tool from the Microsoft Download Center.
  - They run the provided PowerShell script from an elevated prompt on a 64-bit Windows client with at least 8GB of free space.
  - The tool downloads the Windows Assessment and Deployment Kit (ADK) and creates the recovery media.
- Recovery Process:
  - For WinPE recovery:
    - Boot the affected device from the USB drive.
    - If BitLocker is enabled, enter the recovery key.
    - The tool automatically runs issue-remediation scripts.
  - For Safe Mode recovery:
    - Boot the device into safe mode using the USB drive.
    - Run the repair.cmd script from the USB drive root.
    - The script performs the necessary remediation steps.
- Hyper-V Virtual Machine Recovery:
  - The tool can generate an ISO for recovering Hyper-V VMs.
  - Administrators add the ISO as a DVD drive to the VM and adjust the boot order.
  - They then follow either the WinPE or safe mode recovery process.
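The prerequisites and the signed download described above can be checked on the build workstation before the provided script is run. The following PowerShell preflight is an added example, not Microsoft's script or code from the original article; the `-ScriptPath` parameter, the use of the system drive for the free-space check, and the `O=Microsoft Corporation` subject match are assumptions.

```powershell
# Preflight for the workstation that will build the recovery USB (added example).
# Assumption: -ScriptPath points at the PowerShell script extracted from the
# download; the article does not give its file name, so it is a parameter.
param(
    [Parameter(Mandatory)] [string] $ScriptPath
)

$results = [ordered]@{}

# The script must be run from an elevated prompt.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)
$results['Elevated prompt'] = $principal.IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

# 64-bit Windows client.
$results['64-bit OS'] = [Environment]::Is64BitOperatingSystem

# At least 8 GB free. Assumption: measured on the system drive.
$sys = Get-PSDrive -Name $env:SystemDrive.TrimEnd(':')
$results['8 GB free'] = $sys.Free -ge 8GB

# A USB disk of 1-32 GB is attached. The lower bound uses decimal bytes
# because drives are marketed in decimal gigabytes.
$usb = Get-Disk | Where-Object {
    $_.BusType -eq 'USB' -and $_.Size -ge 1e9 -and $_.Size -le 32GB
}
$results['USB drive 1-32 GB'] = [bool]$usb

# The downloaded script carries a valid Authenticode signature.
$sig = Get-AuthenticodeSignature -FilePath $ScriptPath
$results['Signature valid'] = $sig.Status -eq 'Valid'

# Assumption: the signer certificate subject names Microsoft Corporation.
$results['Signed by Microsoft'] = $sig.SignerCertificate -and
    $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation'

# Report each check and return a non-zero exit code if any failed.
$results.GetEnumerator() | ForEach-Object {
    '{0,-20} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
if ($results.Values -contains $false) { exit 1 }
```

A `FAIL` on either signature line means the file should not be executed, since the elevated session would run it with full administrative rights.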
Microsoft’s Response
In addition to releasing the recovery tool, Microsoft has:
- Deployed hundreds of engineers to work directly with customers
- Collaborated with cloud providers like Google Cloud Platform and Amazon Web Services
- Posted manual remediation documentation and scripts
- Kept customers informed through the Azure Status Dashboard
Microsoft emphasized the importance of safe deployment practices and disaster recovery mechanisms across the tech ecosystem. The company continues to work closely with CrowdStrike and other stakeholders to address the issue and prevent similar incidents in the future.
IT administrators and affected users are encouraged to download the recovery tool and follow Microsoft’s instructions to restore impacted systems. As the situation evolves, Microsoft has committed to providing ongoing updates and support to its customers.