Microsoft has announced the release of a new recovery tool aimed at addressing the issues caused by the CrowdStrike Falcon agent affecting Windows clients and servers.

The tool offers IT administrators two repair options to facilitate the resolution of the problem impacting Windows endpoints.

The recovery tool includes two methods: Recover from WinPE and Recover from Safe Mode.

The Recover from WinPE option creates boot media that enables quick and direct system recovery without requiring local admin privileges. However, users may need to manually enter the BitLocker recovery key if BitLocker is enabled on the device.

For systems using third-party disk encryption solutions, Microsoft advises users to refer to their vendor’s guidance to recover the drive and then run the remediation script from WinPE.

Alternatively, the Recover from Safe Mode option also generates boot media but is intended for cases where devices can boot into safe mode. This method requires users to log in with an account that has local administrator rights to perform the remediation steps.

Recover from Safe Mode is suitable for devices with TPM-only protectors, those that are not encrypted, or situations where the BitLocker recovery key is unknown.

For devices using TPM+PIN BitLocker protectors, the user must enter the PIN if known or provide the BitLocker recovery key. If BitLocker is not enabled, local administrator rights are sufficient.

Microsoft said users with third-party disk encryption solutions should work with their vendors to ensure proper recovery.

While the USB recovery option is recommended, some devices may not support USB connections. For these situations, Microsoft has provided detailed instructions for using the Preboot Execution Environment (PXE) as an alternative.

If neither the USB nor the PXE option is feasible, reimaging the device might be necessary.

The release of the new recovery tool by Microsoft follows last week’s series of global IT outages impacting hospitals, broadcast television stations, and airlines, which were traced back to a faulty software update released by cybersecurity firm CrowdStrike. This update caused devices running Microsoft Windows to crash.