In response to the global CrowdStrike outage, experts from the University of Adelaide mobilised to devise and implement a solution.
Collaborating with CrowdStrike, the Australian Signals Directorate (ASD) and the Australian Cyber Collaboration Centre (AUS3C), the University of Adelaide team — led by Associate Professor Hung Nguyen from the School of Computer and Mathematical Sciences — quickly validated and deployed a fix for the University’s ITDS infrastructure.
The CrowdStrike Falcon sensor software error caused widespread blue screen of death (BSOD) issues on Windows computers across the globe, affecting airlines, retail businesses, media outlets and universities.
“Using our long track record of research into Windows security, we, like many others in the global IT community, quickly brought our expertise to bear to examine the problem that was causing chaos around the world,” said Nguyen.
The official fix from CrowdStrike required computers to be rebooted into safe mode. On machines protected by Windows BitLocker, booting into safe mode requires a recovery key, and many IT administrators lacked access to these keys, leaving them unable to recover from the outage. In extreme cases, data wipes and fresh installs were necessary.
The University of Adelaide team discovered a unique aspect of BitLocker’s boot sequence protection and developed a method that allowed safe booting without a recovery key.
“The key to our solution lay in the Boot Configuration Data (BCD) database,” said Nguyen. By rewriting the BCD to a minimal boot configuration, the team enabled computers to boot into safe mode without requiring the recovery key, allowing the CrowdStrike update to be applied. This method preserved BitLocker’s data encryption.
On July 20, AUS3C shared the solution on LinkedIn. “The post received widespread attention, with comments from researchers who successfully used our method. Some commenters confirm that by using our method they managed to fix ‘dozens’ of their computers,” said Nguyen.