BitLocker workaround may offer aid for CrowdStrike customers Defective CrowdStrike update triggers mass IT outage

Microsoft: Faulty CrowdStrike update affected 8.5M devices

Microsoft says less than 1% of all Windows machines were affected by a defective CrowdStrike Falcon update on Friday, but the disruption has been widespread.


Listen to this article. This audio was generated by AI.

More than 8 million Windows devices were affected by last week's massive IT outage after CrowdStrike released a faulty channel file update.

In a blog post published on Saturday, David Weston, vice president of enterprise and OS security at Microsoft, revealed the scope of the incident and detailed the response efforts following last week's global IT outage that resulted from a defective CrowdStrike Falcon update. The outage affected many CrowdStrike customers, but most notably halted airline services and disrupted healthcare organizations and government agencies, with fallout continuing this week.

"We currently estimate that CrowdStrike's update affected 8.5 million Windows devices, or less than one percent of all Windows machines. While the percentage was small, the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services," Weston wrote in the blog post.

Over the weekend, Microsoft provided additional remediation updates and workaround recommendations for affected users that span across a variety of sectors. On Saturday, Microsoft released two new recovery options via a free USB tool that customers can download. The first option recovers from Windows Preinstallation Environment, or WinPE, which is a small OS within Windows that is used to deploy, repair and troubleshoot the full OS. The second option recovers the affected system in safe mode.

"Although the USB option is preferred, some devices may not support USB connections. In such cases, we provide detailed steps below for using the Preboot Execution Environment (PXE) option. If the device cannot connect to a PXE network and USB is not an option, reimaging the device might be a solution," Microsoft said in the advisory.

Timeline of July 2024 CrowdStrike outage

In addition to engaging with CrowdStrike on response efforts, Microsoft also said it's working with Google Cloud Platform and Amazon Web Services to communicate with customers as they work to recover their Windows systems after experiencing continuous blue screen of death error messages.

Weston stressed that it was not a Microsoft incident. He added that while software updates can cause disruptions, incidents like the one that occurred on July 19 are "infrequent." Since last week, Microsoft has been working with CrowdStrike to release an automated fix and deployed hundreds of Microsoft engineers to assist affected customers, Weston said.

"This incident demonstrates the interconnected nature of our broad ecosystem -- global cloud providers, software platforms, security vendors and other software vendors, and customers. It's also a reminder of how important it is for all of us across the tech ecosystem to prioritize operating with safe deployment and disaster recovery using the mechanisms that exist," the blog post read.

CrowdStrike also provided updates over the weekend. In a post to LinkedIn, CrowdStrike also said an estimated 8.5 million Windows devices were affected by the defective update and that a "significant number" have been restored. CrowdStrike added that it worked with customers to test a new remediation technique intended to accelerate the recovery process.

"We're in the process of operationalizing an opt-in to this technique. We're making progress by the minute," CrowdStrike wrote in the post.

CrowdStrike's new guidance included a recovery process for organizations that don't have access to their BitLocker keys. Some organizations have found themselves locked out of their systems and unable to remove the defective CrowdStrike update because they cannot access their BitLocker keys.

CrowdStrike also apologized again for the significant disruption to affected organizations.

Larry Carvalho, an independent analyst with Robust Cloud, told TechTarget Editorial that the resulting IT outages could have significant effects on the IT industry, possibly causing more users to consider alternatives to Windows. "Overall, it was a good day for unaffected Mac and Linux machines," he said. "With endpoints needing basic functionality in most cases, you can expect Linux to get some more traction because of this failure."

Senior News Director Rob Wright contributed to this story.

Arielle Waldman is a news writer for TechTarget Editorial covering enterprise security.

Next Steps

CrowdStrike: 97% of Windows sensors back online after outage

CrowdStrike disaster exposes a hard truth about IT

CrowdStrike outage shows business continuity still a DR must

Dig Deeper on Application and platform security