BREAKING: Australian websites go down after apparent CrowdStrike update causes Windows crashes

BREAKING: Australian websites go down after apparent CrowdStrike update causes Windows crashes

A number of Australian websites and companies are reporting that Windows PCs are mysteriously crashing the ominous blue screen of death, a critical system from which many devices fail to recover.

The issue has caused outages on numerous websites, with users of the Down Detector website reporting outages on a wide range of major Australian websites, including national broadcaster ABC, the big four banks, Foxtel, Telstra and NBN, to name a few. few.

An internal ABC email was shared with the guardiansuggesting the incident began this afternoon.

“Windows workstations are experiencing BSOD (blue screen of death) nationwide,” the ABC email said.

“The cause of this is unknown and is under active investigation.

“ABC Television production is currently on air, although some news studios are having problems. “Several radio studios across the country are offline, along with the Windows PCs that air ABC Radio output.”

However, the outage appears to be global and, according to a post shared on Reddit, the cause is a CrowdStrike update.

“Hi everyone, we have widespread reports of BSODs on Windows hosts occurring across multiple sensor versions. Investigating cause. TA will be released shortly,” one user shared on the r/crowdstrike forum.

The alert noted the scope of the disruption: EU-1, US-1, US-2 and US-GOV-1.

A link to the alert was also included on the CrowdStrike support portal. The portal is password protected and for CrowdStrike users only, but the alert URL: https://supportportal.crowdstrike.com/s/article/Tech-Alert-Windows-crashes-related-to-Falcon-Sensor -2024-07- 19: Suggests the problem lies with CrowdStrike’s Falcon Sensor platform, which is designed to protect systems from malicious attacks.

We’ve reached out to CrowdStrike for comment.

UPDATE 16:46

The National Cyber ​​Security Coordinator has published a comment confirming that the incident is not a cyber attack.

“I am aware of a large-scale technical outage affecting a number of businesses and services across Australia this afternoon,” Lieutenant General Michelle McGuinness said on X.

“Our current information is that this outage relates to a technical issue with a third-party software platform employed by the affected businesses.”

LTGEN McGuinness added: “There is no information to suggest this is a cyber security incident. “We continue to engage with key stakeholders.”

UPDATE 17:08

CrowdStrike released another update, again shared on Reddit:

“CrowdStrike Engineering identified a content implementation related to this issue and reverted those changes.

“Steps to solve the problem:

  • “Start Windows in Safe Mode or Windows Recovery Environment
  • “Navigate to the directory C:\Windows\System32\drivers\CrowdStrike
  • “Locate the file that matches ‘C-00000291*.sys’ and delete it.
  • “Start the host normally.”

While the cybersecurity company Tesserent is working on its own solution:

“Tesserent, Thales Cyber ​​Solutions, is aware of an issue where devices running Microsoft Windows and CrowdStrike are displaying a ‘blue screen’ (BSOD) error and attempting to reboot,” Tesserent said this afternoon.

“CrowdStrike has confirmed this issue as a Falcon sensor issue. There is currently limited information available; however, CrowdStrike is urgently investigating.

“The Tesserent Security Operations Center will continue to monitor the situation and provide updates to managed services customers, including resolution plans once they become available.

“Currently, our Security Operations Center has our engineering teams testing rollback as a potential solution and has a pilot underway. If this resolution is confirmed, we will work with our customers to implement this solution.”

UPDATE 17:12

It seems the issue is causing huge problems with airlines around the world. Sydney and Melbourne airports are experiencing issues with departure screens, while in the US, American Airlines, United and Delta have asked the Federal Aviation Administration for a global ground stop on all flights, with several airlines on the ground.

Meanwhile, closer to home, the National Emergency Mechanism will hold a meeting shortly.

UPDATE 17:23

Sydney Airport has issued a statement:

“A global technical disruption has affected some airline operations and terminal services.

“Currently flights are arriving and departing; however, there may be some delays overnight.

“We have activated our contingency plans with our airline partners and deployed additional staff to our terminals to assist passengers.

“Anyone traveling today should have enough time to come to the airport and check with their airline about the status of their flight.”

Also, here is the full statement from the Australian government:

“The Australian Government is working closely with the National Cyber ​​Security Coordinator on this outage.

“We understand that Triple-0 services are currently not affected by this interruption.

“The information as it stands is that this outage relates to a technical issue with a third-party software platform employed by the affected businesses.

“As the cybersecurity coordinator has said, there is no information to suggest this is a cybersecurity incident and they continue to engage with key stakeholders.

“The National Emergency Mechanism group will meet shortly, co-chaired by the National Emergency Management Agency.”

UPDATE 17:34

Victoria’s Geelong line has also issued a statement: trains are also stopped.

“Trains are suspended due to communication failure. More information below,” V/Line said in X.

UPDATE 17:37

Tesserent now says that “CrowdStrike [has] implemented a new content update [that] Resolves previously failed update and subsequent host issues. As your devices receive this update, you may need to reboot for the changes to take effect and for blue screen (BSOD) issues to resolve.

If that doesn’t work, the solution we shared above should still be useful.

UPDATE 18:02

The Commonwealth Bank has said it has been affected by the outage, although not all customers appear to be having problems.

“We are aware of a large-scale technical disruption affecting several businesses,” the CBA said.

“This outage relates to a technical issue with a third-party software platform.

“We are urgently investigating any impact on our systems and services.

“We know that some customers have been unable to make PayID payments. If you can’t use PayID, you can still make payments between your accounts or pay someone using your BSB and account number.

“We are sorry for the inconvenience. Thank you for your patience as we work through the impacts.”

UPDATE 18:06

Now, Service NSW has joined the list of organizations affected by the CrowdStrike issue.

“Service NSW has been affected by a global third-party IT outage affecting transactions in service centers and contact centres. Service NSW apologizes to customers for any inconvenience. Crews are working to restore services as quickly as possible. “The majority of digital transactions have not been affected and people are encouraged to complete transactions through the Service NSW website where possible.”

UPDATE 18:29

The National Emergency Management Agency meeting started at 6 pm, but from here on out, we’ll be logging out of the live blog. If you stayed with us, thanks for tuning in.

UPDATE 18:34

Ok, one more update. Prime Minister Anthony Albanese has just issued an update:

“I understand Australians are concerned about the disruption occurring globally affecting a wide range of services.

“My government is working closely with the National Cyber ​​Security Coordinator.

“There is no impact on critical infrastructure, government services or Triple-0 services at this stage.

“The National Coordination Mechanism has been activated and is meeting now.”

And now, good night.

Leave a Reply

Your email address will not be published. Required fields are marked *