The advice, which is specifically for virtual machines using Azure, shows that sometimes the solution to a catastrophic failure is turn it off and on again. And again.
Have you tried turning it off and on and off and on and off and on and off and on and off and on and off and on and off and on and off and on and off and on and off and on and off and on and off and on and off and on and off and on and off and on again?
If this somehow works, good on Microsoft, but what the fuck are they doing on boot cycles 2-14? Can they be configured to do it in maybe 5? 3? Some computers have very long boot cycles.
There's nothing magical about the 15th reboot - Crowdstrike runs an update check during the boot process, and depending on your setup and network speeds, it can often take multiple reboots for that update to get picked up and applied. If it fails to apply the update before the boot cycle hits the point that crashes, you just have to try again.
One thing that can help, if anyone reads this and is having this problem, is to hard wire the machine to the network. Wifi is enabled later in the startup sequence which leaves little (or no) time for the update to get picked up an applied before the boot crashes. The wired network stack starts up much earlier in the cycle and will maximize the odds of the fix getting applied in time.
That makes sense with how the article said "up to 15 times" which does sort of indicate it's not a counter or strictly controllable process. Thank you!
I was thinking (from reading the headline) that if one specific component fails 15 times during boot or so, it will just automatically get disabled by the system, so that you don't run into an unavoidable boot loop.
But this makes sense as well, if they did write "up to" in the article (as others have stated). Even though I find the confidence weird. Imagine you have some weird dial-up or satellite internet solution for your system, which just needs time to connect, and then maybe also just provide a few bytes/kilobytes per second. This must be rare, but I'm 100% confident that there exists a system like this :D
Edit: okay, I should read first. The 15 times thing is said for azure machines.
fair enough. i can see that disabling safe mode would be a decent security measure. but by the time that kind of exploit is used, you've already got bad actors inside your network and there are much easier methods available to pivot to other devices and accounts.
Most of our machines at my office run Win 10 or 11 and we haven't had the blue screen. I was wondering why we hadn't experienced this. Still don't know.
Supposedly, one of the fixes (aside from rebooting and hoping it grabs the update fire) is to delete a single file in the CrowdStrike directory after booting into safe mode.
Why bother encrypting passwords? Just store them in plaintext, preferably on a web server that's publicly accessible so other services can easily access them.