The CrowdStrike software incident last July affected nearly 9 million computers worldwide, paralyzing the aviation industry, jobs and even securities. Microsoft and CrowdStrike have been blamed because a kernel-level software update was identified as the cause of this incident.
Today, Microsoft announced a new Quick Machine Recovery feature that will allow IT administrators to quickly restore computers affected by incidents similar to the CrowdStrike one.
Quick Machine Recovery makes changes to the Windows Recovery Environment (Windows RE). When a similar incident occurs, Microsoft can deliver Windows updates directly to Windows RE. Commands to delete problematic updates, like the one from CrowdStrike, can be run even when the PC cannot boot. Quick Machine Recovery will be available to the Windows Insider Program community in early 2025.
At the same time, Microsoft is working with antivirus developers to move their processing outside the Windows kernel. A problem with CrowdStrike's security update, which accesses the kernel, was identified as the reason the fault passed through and caused the BSOD. This new security framework will be delivered to Microsoft's security partners in July 2025.