CrowdStrike deploys new technique to accelerate BSOD recovery on millions of PCs

Last week, CrowdStrike deployed a faulty update to its Falcon Sensor agent on Windows, causing major disruptions worldwide across various sectors, including banks, airlines, and media companies. This faulty update caused nearly 8.5 million Windows PCs to reboot continuously with Blue Screen of Death (BSOD) errors showing error code 0x50 or 0x7E. Over the past few days, CrowdStrike and Microsoft have provided support and guidance to customers to recover their PCs.

The current recovery methods offered by both Microsoft and CrowdStrike work well, but they are time-consuming. Fixing millions of machines using these recovery methods will require a significant amount of resources.

CrowdStrike has now informed its customers that it has tested a new technique to accelerate remediation of impacted systems. CrowdStrike is working to operationalize an opt-in to this technique. A CrowdStrike employee has also confirmed on Reddit that they have released a cloud remediation that has shown major success, and they will share more information soon. You can keep an eye on CrowdStrike's recently published official guidance page for the latest updates on the deployment of this new technique.

Last night, Microsoft released its updated recovery tool for the CrowdStrike issue with two repair options to help IT admins expedite the repair process:

  • Recover from WinPE – this option produces boot media that will help facilitate device repair.
  • Recover from safe mode – this option produces boot media so impacted devices can boot into safe mode. The user can then log in using an account with local admin privileges and run the remediation steps.

You can learn more about the updated recovery tool here.

Amidst the global scramble to fix CrowdStrike-impacted systems, cybercriminals are capitalizing on the widespread disruption. They are distributing a malicious ZIP archive named "crowdstrike-hotfix.zip" and have started a huge phishing campaign targeting CrowdStrike customers. Affected CrowdStrike customers are therefore advised to communicate only through official channels and adhere to the technical guidance provided by CrowdStrike and Microsoft.

Source: CrowdStrike
