If it was a bad update, then why not just back it out? Windows has a recovery feature to roll back to before the last change was applied.
The problem is that the update causes a BSOD crash so that's not possible.
From what I have read it requires each Windows device be booted into SM/WRM (Safe Mode/Windows Recovery Mode) and then having to manually delete files in a directory.
Because Crowdstrike's Falcon application is used by so many government agencies and large corporations, you can imagine how long that process will take the nowhere-near-large-enough-IT-departments going from device to device performing those steps even if they seem minor.
For a regular Windows computer, you could probably create a bootable USB drive that could automate the fix with a simple insert-boot-remove-reboot process, but I am sure most larger organizations have stricter configurations in place that make it more difficult or requires direct IT personnel access to implement the changes.
Decades ago, everything ran off of mainframes using "dumb" terminals so IT issues like this were easier to find, fix and resolve as you typically only had 1 to 3 network-wide failure points.
The transition to "smart" workstations created countless numbers of failure points and this was further hampered by necessary security systems to protect both the workstations as well as all network devices and stored data.
In recent years, you are starting to see more virtually powered centralized servers again, but it's not the same as the mainframe days because most connected devices are still "smart" workstations.
What I am hoping to see is the separation of workstation and network integration methods in the near future.
Just like virtual servers/machines allow the separation of workstations and operating systems, it would be a lot more secure if applications were running remotely on spin-up virtual server/serverless platforms and the access methods used by remote devices was limited to enchanced terminal software/firmware like it was back in the mainframes days.
That way, the security access would be on a security card (USB, SDCard, custom card, bio scan, etc.) and you would simply insert or scan to authorize any capable device and suddenly you are back live again.
A large corporation or government agency then could buy hundreds of cheap laptops, tablets or other corporate/government-issued mobile devices and hand them out if something like this happens to provide a temporarily solution.
