Updated CrowdStrike recovery tool can save you from Blue Screen of Death, even without BitLocker recovery keys

Kevin Addley, VP Marketing & Growth at Future photographs a BSOD at JFK airport
A major network outage causes the "Blue Screen of Death" to appear at airports around the world. (Image credit: Kevin Addley | Future)

What you need to know

  • One of the largest network outages in global history affected millions of PCs around the world.
  • Flights were grounded, banks were affected, and emergency services were unavailable in many areas.
  • The situation was caused by a CrowdStrike update that included a bug.
  • Microsoft released a recovery tool to help restore PCs affected by the issue, and the company has now improved that tool to include two recovery options.

IT admins and PC users are still recovering from one of the largest network outages in history. Known by some as the digital pandemic, a CrowdStrike bug caused the Blue Screen of Death (BSoD) on millions of systems worldwide. The outage affected airlines, banks, emergency services, and even some television stations. Despite how some have referred to the situation, Microsoft is not at fault for the outage. Cybersecurity company CrowdStrike pushed out an update that included a bug in a driver, which crashed PCs around the world. Despite CrowdStrike being at fault, Microsoft has been hard at work on a fix, and it has expanded the tools available to fix affected systems.

Microsoft released a USB Recovery Tool late last week to address the CrowdStrike bug. The tool was designed to expedite the repair process and allow IT admins to restore PCs to a point that's unaffected by CrowdStrike's faulty update. That tool now has two repair options: recover from WinPE and recover from safe mode. Microsoft recommends the recover from WinPE option, but there are situations that will require the other method. Most notably, recovering from safe mode may be able to work if BitLocker is enabled on a device and a recovery key is unavailable (admin rights required).

An updated Tech Community post outlines the options, as well as the pros and cons of each method:

  • Recover from WinPE (recommended option)
    This option quickly and directly recovers systems and does not require local admin privileges. However, you may need to manually enter the BitLocker recovery key (if BitLocker is used on the device) and then repair impacted systems. If you use a third-party disk encryption solution, please refer to vendor guidance to determine options to recover the drive so that the remediation script can be run from WinPE.
  • Recover from safe mode
    This option may enable recovery on BitLocker-enabled devices without requiring the entry of BitLocker recovery keys. For this option, you must have access to an account with local administrator rights on the device. Use this approach for devices using TPM-only protectors, devices that are not encrypted, or situations where the BitLocker recovery key is unknown. However, if utilizing TPM+PIN BitLocker protectors, the user will either need to enter the PIN if known, or the BitLocker recovery key must be used. If BitLocker is not enabled, then the user will only need to sign in with an account with local administrator rights. If third-party disk encryption solutions are utilized, please work with those vendors to determine options to recover the drive so the remediation script can be run.

Microsoft notes that while the USB option is preferred, some devices do not support USB connections. In that case, a Preboot Execution Environment (PXE) option or reimaging a device may be required.

We'll update our guide on how to fix the CrowdStrike Blue Screen error on Windows 11 with details about the new method soon. You can also read Microsoft's breakdown of the process.

What is the CrowdStrike outage?

Crowdstrike Share Price

CrowdStrike stock plummeted as a bug shipped by the company caused millions of PCs to crash. (Image credit: Windows Central)

There's a good chance that you were affected by the CrowdStrike outage in some way. A vast range of companies and organizations had PCs crash and repairs are still underway. Even if you weren't affected directly, conversations about the outage have spilled into non-tech circles. Over the weekend I overheard people at American football practices talking about the "Microsoft outage." My friends and colleagues heard similar conversations working in hospitals, restaurants, and in casual conversations.

CrowdStrike is a cybersecurity company that largely focuses on Internet security. CrowdStrike Falcon gives real-time indicators of attacks and helps security experts protect systems. Unfortunately, CrowdStrike sent out an update that included a bug, which affected organizations that use the Falcon Sensor app.

That bug caused systems to crash and show the "Blue Screen of Death," the infamous error screen that Windows shows when a critical system failure occurs. 

The situation caused planes to be grounded and some airports had to resort to hand-written boarding passes. Banks, emergency services, and millions of PCs were affected.

While some took the opportunity to view crashed systems that prevented work from being done as an adult snow day, the Crowdstrike outage caused chaos across several industries. Ironically, Crowdstrike stock plummeted but some were unable to buy the stock at its lowest point due to the Crowdstrike bug affecting services.

While a fix is available for affected systems, the aftermath of the Crowdstrike outage will be felt for quite some time as IT admins work to recover or fix affected PCs.

CATEGORIES
Sean Endicott
News Writer and apps editor

Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He's covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean's journey began with the Lumia 740, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_.