Microsoft on Saturday said an estimated 8.5 million Windows devices were impacted by the faulty software update from CrowdStrike that triggered massive IT outages across the global economy on Friday.
Microsoft also released a USB tool on Saturday to help IT administrators expedite the repair process for Windows clients and servers impacted by the CrowdStrike Falcon agent issue.
To use the tool, users must have a Windows 64-bit client with at least 8GB of free space from which the tool can be run to create the bootable USB drive, along with administrative privileges on the Windows client.
While less than one percent of all Windows machines have been impacted, Microsoft says it is deploying hundreds of its engineers and experts to work directly with customers to restore services.
The root of the issue was a routine sensor configuration update pushed to Windows systems on July 19, 2024 at 04:09 UTC which triggered a logic error that blue-screened critical computer systems around the world.
“While the percentage was small, the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services,” Microsoft said.
The incident, described in the mainstream media with words such as “chaos” and “disaster”, could turn out to be one of the worst cyber failures in history.
In an update Saturday morning, CrowdStrike provided a tech alert with more information about the issue and workaround steps organizations can take.
“This incident demonstrates the interconnected nature of our broad ecosystem — global cloud providers, software platforms, security vendors and other software vendors, and customers,” Microsoft said in a blog post. “It’s also a reminder of how important it is for all of us across the tech ecosystem to prioritize operating with safe deployment and disaster recovery using the mechanisms that exist. As we’ve seen over the last two days, we learn, recover and move forward most effectively when we collaborate and work together. We appreciate the cooperation and collaboration of our entire sector, and we will continue to update with learnings and next steps.”
Additional remediation resources and quick links from CrowdStrike and other technology vendors:
- Workaround steps for individual hosts
- Workaround steps for public cloud or similar environment including virtual
- AWS-specific documentation
- Azure environments – CrowdStrike Falcon agent guidance from Microsoft
- User Access Recovery Key in the Workspace ONE Portal
- Windows encryption management via Tanium
- Bitlocker recovery via Citrix
- Intel vPro® technology remediation guide
- CrowdStrike and Rubrik Customer Content Update Recovery For Windows Hosts
- Recovery Tool to help with CrowdStrike issue impacting Windows endpoints (Microsoft)
- KB5042421: CrowdStrike issue impacting Windows endpoints (Microsoft)
Additional news coverage from SecurityWeek and around the web:
- CrowdStrike Provides Remediation Guidance After Software Update Causes Worldwide IT Chaos
- CrowdStrike Says Logic Error Caused Windows BSOD Chaos
- Bad CrowdStrike Update Linked to Major IT Outages Worldwide
- Highlights from the global tech outage (AP)
- Microsoft-CrowdStrike issue causes ‘largest IT outage in history’ (CNBC)
