Global IT Outage involving Windows linked to Crowdstrike

Microsoft has created a specific tool and instructions to assist with recovery

So that’s like a WinPE boot stick. Still need the BitLocker recovery key. If the recovery key is being managed on a server that has Crowdstrike Falcon then you’re a bit stuffed.

2 Likes

The bigger issue is that with most people working from home nowadays, you need people with the knowledge on how to make the USB stick and boot from it.

1 Like

They could ship them out with instructions I guess. Getting the recovery key is the difficult bit isn’t it?

The key is stored either in Active Directory or Azure Active Directory. For AAD, it’s easy. For AD, as long as a domain controller is back up, you’re good.

2 Likes
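To make the on-prem AD case concrete, here is an added example (not code from anyone in this thread) that pulls a machine’s escrowed BitLocker recovery passwords out of Active Directory so the helpdesk can read them to a user stuck at the recovery screen. It assumes the RSAT ActiveDirectory module is installed, that you hold delegated read rights on the msFVE-RecoveryInformation objects (by default only Domain Admins do), and that recovery passwords were actually backed up to AD; the computer name is a placeholder.

```powershell
# Added example, not from the thread: read BitLocker recovery passwords for one computer
# from on-prem Active Directory. Requires the RSAT ActiveDirectory module and read rights
# on msFVE-RecoveryInformation objects under the computer account.
Import-Module ActiveDirectory

function Get-BitLockerRecoveryFromAD {
    param(
        [Parameter(Mandatory)][string]$ComputerName
    )

    # The recovery info objects are children of the computer object, so search only
    # under its DN rather than the whole domain.
    $computer = Get-ADComputer -Identity $ComputerName -ErrorAction Stop

    Get-ADObject -SearchBase $computer.DistinguishedName `
                 -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
                 -Properties 'msFVE-RecoveryPassword', 'whenCreated' |
        Sort-Object whenCreated -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Computer         = $ComputerName
                # Object name is "<timestamp>{<key-protector GUID>}"; the GUID is the
                # "Recovery key ID" shown on the BitLocker recovery screen, so match it.
                KeyId            = ($_.Name -replace '^.*\{(.*)\}$', '$1')
                BackedUp         = $_.whenCreated
                RecoveryPassword = $_.'msFVE-RecoveryPassword'
            }
        }
}

# Usage: placeholder computer name; pick the row whose KeyId matches the recovery screen.
Get-BitLockerRecoveryFromAD -ComputerName 'LAPTOP-0123' | Format-Table -AutoSize
```

Once you have the 48-digit password, the volume can be unlocked from the WinPE stick with `manage-bde -unlock C: -RecoveryPassword <password>` before touching the file system. A machine can have several recovery objects (one per key protector, plus leftovers from rotations), which is why the key ID on the screen is the thing to match rather than just taking the newest entry. If a machine returns nothing, the key was never escrowed; `Backup-BitLockerKeyProtector` from the BitLocker module backs a protector up to AD after the fact, but only from a booted, domain-reachable OS, which is exactly what is missing during an outage like this.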

We have ours in the AD and in our asset management system, which runs on Linux.

Some explanation from Dave Plummer (ex-employee of Microsoft)

1 Like

So, it looks like it was probably some dodgy P-Code in the “definitions” file that might have caused the problem. Very interesting analysis, given the limited facts.

So, we are down to, how did this get into the production pipeline.

Monday back was a little chaotic apparently. Colleague sent a picture of one of the lines of staff waiting to get laptops fixed. This is just one campus. There are several around the city!

Title edit suggestion: Global IT Outage involving Windows linked to Crowdstrike

I think there’s enough history to show that this isn’t so much Microsoft’s fault as it is CrowdStrike’s. Both Paul Thurrott and Ed Bott have some good articles outlining the history behind why companies like CrowdStrike and McAfee and some others have the kind of access they do.

1 Like

I’m betting some overzealous machine learning scheme is involved. Hopefully we get a real root cause analysis out of Crowdstrike at some point.