Microsoft releases tool to fix CrowdStrike bug

By Julian Castillo

22 Jul 2024, 12:50 PM EDT

Microsoft has released a tool specifically designed to address the global problem that affected millions of Windows devices due to a bug in CrowdStrike’s security software. The recent CrowdStrike update caused many Windows 10 and Windows Server 2016 systems to enter a reboot loop, displaying a blue recovery screen. Below is how Microsoft has addressed this crisis and the solutions that have been put in place.

What caused the problem?

Image: A flaw caused by CrowdStrike led millions of computers to display the Blue Screen of Death. Credit: Shutterstock

The issue was caused by a faulty update of CrowdStrike’s `csagent.sys` file, a critical component of its security sensor. This file caused numerous devices to experience critical crashes, known as the “Blue Screen of Death” (BSOD), which prevented affected systems from booting properly.

Although Microsoft was initially blamed, the bug was found to originate with CrowdStrike, which quickly acknowledged the issue and worked with Microsoft to develop a fix.

Solutions proposed by Microsoft

To solve this problem, Microsoft has developed a recovery tool which allows system administrators and affected users to restore their devices without making drastic changes to the operating system. The tool, available as part of the Windows Assessment and Deployment Kit (ADK), automates the removal of the faulty file that is causing system crashes. The key steps in this solution are detailed below:

1. Download and Configure ADK: Users must download the Windows Assessment and Deployment Kit (ADK) and install it in their environment. This kit enables the creation of Windows Preinstallation Environment (WinPE) images that are used to deploy the solution.

2. Modify the WinPE Image: Once ADK is installed, users must mount a WinPE image and add a command to delete the faulty file (`C-00000291.sys`). This command is inserted into the `startnet.cmd` file within the mounted image.

3. Deploy the Solution: Users can deploy the fix in two ways: by creating a bootable USB media with the modified WinPE image or by setting up a PXE server to boot the affected systems from the network. When booting from this media, the WinPE image automatically runs the commands required to remove the faulty file and restore system functionality.
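Step 2 as a script, for administrators who want to see what the image change amounts to. This is an added example, not Microsoft's tool or code from the article; the working-copy path, the parameter names and the drive-letter probe are assumptions, and the folder that holds the faulty file must be supplied because the article does not give it.

```powershell
# Added example: write a cleanup command into a WinPE image's startnet.cmd.
# Run elevated on a machine with the Windows ADK and WinPE add-on installed.
param(
    # Assumption: WinPE working copy created beforehand with the ADK's copype.
    [string]$WinPERoot = 'C:\WinPE_amd64',
    # Folder on the affected volume that holds the faulty file, relative to
    # the drive root. Not stated in the article, so it has no default.
    [Parameter(Mandatory)] [string]$SensorDir,
    # File name as given in the article.
    [string]$FaultyFile = 'C-00000291.sys'
)
$ErrorActionPreference = 'Stop'
$wim   = Join-Path $WinPERoot 'media\sources\boot.wim'
$mount = Join-Path $WinPERoot 'mount'

Mount-WindowsImage -ImagePath $wim -Index 1 -Path $mount | Out-Null
try {
    $startnet = Join-Path $mount 'Windows\System32\startnet.cmd'
    # WinPE itself runs from X: and does not guarantee that the offline
    # Windows volume is C:, so the batch script probes several letters.
    # Assumption: the volume is readable from WinPE (not encrypted, or unlocked).
    $lines = @(
        'wpeinit'
        'for %%d in (C D E F G H) do ('
        "  if exist `"%%d:\$SensorDir\$FaultyFile`" ("
        "    del /f `"%%d:\$SensorDir\$FaultyFile`" && echo Removed from %%d:"
        '  )'
        ')'
        'echo Cleanup finished. Remove the boot media and restart.'
    )
    Set-Content -Path $startnet -Value $lines -Encoding Ascii
    # Commit the change into boot.wim.
    Dismount-WindowsImage -Path $mount -Save | Out-Null
}
catch {
    # Leave the image untouched if anything failed while it was mounted.
    Dismount-WindowsImage -Path $mount -Discard | Out-Null
    throw
}
```

The ADK's `MakeWinPEMedia /UFD` command can then write the working copy to a USB drive for step 3. The script leaves the WinPE prompt open rather than rebooting, so the operator can confirm which volume was cleaned.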

Impact and response

CrowdStrike and Microsoft have worked closely to mitigate the impact of this issue. George Kurtz, CEO of CrowdStrike, confirmed that the problem was quickly identified and a fix was deployed to prevent further disruption. He also gave assurances that this incident did not compromise the security of the systems, nor was it a cyber attack.

Despite the severity of the problem, Microsoft has been efficient in implementing a quick and effective solution. System administrators can now restore affected devices using the recovery tool, minimizing downtime and ensuring that systems are back up and running.

This incident highlights the importance of rigorous testing and controlled deployments of updates in critical environments. Although the issue was caused by a bug in third-party software, the rapid response and collaboration between Microsoft and CrowdStrike have been crucial to resolving the situation and preventing future similar incidents.
