Microsoft Launches Restoration Tool in Windows 11 After CrowdStrike Failure
New 'Point-in-time Restore' Feature Allows Reversing Faulty Updates Without Affecting Personal Data.
July 12, 2026 · 4 min read
TL;DR: Microsoft introduces 'Point-in-time Restore' in Windows 11 in response to the CrowdStrike failure. It allows reverting problematic updates without data loss. Available in Insider phase.
What Happened?
In July 2024, a faulty update to CrowdStrike Falcon security software caused approximately 8.5 million Windows devices worldwide to crash with the dreaded Blue Screen of Death (BSOD). The incident affected critical sectors such as airlines (Delta, United, American Airlines), banks (JPMorgan Chase, Bank of America), hospitals (NHS in the UK), and media outlets (Sky News, The Guardian). According to CrowdStrike, the failure was due to an error in a sensor configuration update that caused an out-of-bounds memory read condition, undetected during testing. This event highlighted the fragility of operating systems when third-party components fail, especially those with kernel access. In response, Microsoft announced the Windows Resiliency Initiative, whose first fruit is the Point-in-time Restore feature, initially available to Windows 11 Insider Preview users in the Canary channel.
Why Is It Important?
This tool allows users to restore the system to a previous state without losing personal files or applications. Unlike traditional recovery options, such as System Restore or Reset this PC, this feature is specifically designed to undo unwanted changes caused by software updates, whether from Microsoft or third parties. According to ZDNet, the feature acts as an 'ultimate undo button,' making it a lifesaver in catastrophic failures like CrowdStrike. Technically, Point-in-time Restore works by creating system snapshots before applying critical updates. Unlike traditional System Restore, which only monitors changes to system files and the registry, this new feature also captures the kernel and driver state, allowing reversal of even kernel-level modifications. Historically, similar incidents, such as the McAfee update error in 2010 that deleted system files on XP, or the Microsoft security update failure in 2018 that caused BSOD on some configurations, have underscored the need for robust rollback mechanisms. However, the CrowdStrike incident was the most severe in terms of scale and impact on critical infrastructure.
What Consequences Will It Have?
The implementation of this tool could change how businesses and users manage updates. For organizations, it reduces downtime and costs associated with manual system recovery. The CrowdStrike incident is estimated to have cost affected companies over $5 billion in direct losses, according to Parametrix Insurance. Additionally, it sends a signal to the industry about the need for robust rollback mechanisms, especially when security software has privileged kernel access. Microsoft has also announced it will work with security partners to develop APIs that allow third-party products to create restore points before applying updates. However, the feature is still in testing and it is unknown when it will be available to all Windows 11 users. It is expected to be part of a major update in 2025, possibly version 24H2. For businesses, this means they will need to plan the implementation of this feature into their patch management workflows, as well as adjust storage policies to accommodate additional snapshots.
What Should Readers Know?
For now, Point-in-time Restore is only available to Windows Insider participants in the Canary channel. Microsoft has not confirmed a date for general release, but it is expected to be part of a major Windows 11 update in 2025. Users should note that the tool does not replace regular backups, but is a complement for emergency situations. Additionally, it may require extra disk space to store restore points. It is recommended to have at least 10-15 GB free for snapshots. It is also important to note that the feature cannot revert firmware or hardware changes, and its effectiveness depends on a restore point being created before the failure. Microsoft is working to have critical updates automatically generate these points. Finally, while the tool is a significant advancement, experts warn it is not a complete solution. As David Weston, Vice President of Enterprise and OS Security at Microsoft, notes: 'This feature is a great step forward in system resiliency, but it is not a silver bullet. Companies must continue to implement backup and disaster recovery strategies.' In summary, Point-in-time Restore is a promising tool that, combined with good backup practices, can mitigate the impact of future incidents similar to CrowdStrike.
'This feature is a great step forward in system resiliency, but it is not a silver bullet. Companies must continue to implement backup and disaster recovery strategies,' says David Weston, Vice President of Enterprise and OS Security at Microsoft.