
BREAKING: Websites across Australia go dark after apparent CrowdStrike update causes Windows crashes

Devices at the ABC, Foxtel, the Commonwealth Bank and many more have been impacted by blue screens of death on Windows PCs around the country.

David Hollingworth
Fri, 19 Jul 2024

A swathe of Australian websites and businesses are reporting that Windows PCs are mysteriously crashing to the ominous blue screen of death – a critical system error that many devices are not recovering from.

The issue has caused disruptions to numerous websites, with users on the Down Detector website reporting outages to a wide range of major Australian websites, including the national broadcaster the ABC, the big four banks, Foxtel, Telstra, and the NBN, to name a few.

An internal email from the ABC was shared with The Guardian, suggesting the incident began earlier this afternoon.

“Windows workstations experiencing BSOD (Blue Screen of Death) nationally,” the ABC email said.

“The cause of this is unknown and is under active investigation.

“ABC Television output is currently on air, although some news studios are having issues. Several radio studios across the country are offline, alongside the Windows PCs, which switch ABC Radio outputs to air.”

The outage, however, appears to be global, and according to a post shared on Reddit, the cause is a CrowdStrike update.

“Hello, everyone – We have widespread reports of BSODs on Windows hosts, occurring on multiple sensor versions. Investigating cause. TA will be published shortly,” one user shared on the r/crowdstrike forum.

The alert noted the scope of the outage: EU-1, US-1, US-2 and US-GOV-1.

Also included was a link to the alert on CrowdStrike’s support portal. The portal is password protected and for CrowdStrike users only, but the alert’s URL – https://supportportal.crowdstrike.com/s/article/Tech-Alert-Windows-crashes-related-to-Falcon-Sensor-2024-07-19 – suggests the issue lies with CrowdStrike’s Falcon Sensor platform, which is designed to protect systems from malicious attacks.

We have reached out to CrowdStrike for comment.

UPDATE 4.46pm

The National Cyber Security Coordinator has released a comment confirming the incident is not a cyber attack.

“I am aware of a large-scale technical outage affecting a number of companies and services across Australia this afternoon,” Lieutenant General Michelle McGuinness said on X.

“Our current information is this outage relates to a technical issue with a third-party software platform employed by affected companies.”

LTGEN McGuinness added: “There is no information to suggest it is a cyber security incident. We continue to engage across key stakeholders.”

UPDATE 5.08pm

CrowdStrike has released another update, again shared on Reddit:

“CrowdStrike Engineering has identified a content deployment related to this issue and reverted those changes.

“Workaround Steps:

  • “Boot Windows into Safe Mode or the Windows Recovery Environment
  • “Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
  • “Locate the file matching ‘C-00000291*.sys’, and delete it.
  • “Boot the host normally.”
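
The deletion step above can be scripted once the machine is in Safe Mode. The PowerShell below is an added example, not code from CrowdStrike or from this article; the function name `Remove-WorkaroundFile` and the `-WindowsRoot` parameter are hypothetical, and only the directory and file pattern come from the quoted steps.

```powershell
# Added example (not vendor code). Run from an elevated PowerShell prompt in Safe Mode.
function Remove-WorkaroundFile {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Assumption: Windows directory of the affected installation.
        # Override it if the system volume is mounted under another drive letter.
        [string]$WindowsRoot = 'C:\Windows'
    )

    # Directory and pattern exactly as given in the workaround steps.
    $dir = Join-Path $WindowsRoot 'System32\drivers\CrowdStrike'
    $pattern = 'C-00000291*.sys'

    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        Write-Warning "Directory not found: $dir"
        return
    }

    $files = @(Get-ChildItem -LiteralPath $dir -Filter $pattern -File -Force)
    if ($files.Count -eq 0) {
        Write-Warning "No file matching $pattern in $dir"
        return
    }

    foreach ($f in $files) {
        $removed = $false
        # Honours -WhatIf and -Confirm; nothing is deleted unless this returns $true.
        if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete')) {
            Remove-Item -LiteralPath $f.FullName -Force -ErrorAction Stop
            $removed = $true
        }
        # One record per matching file, so the action can be logged or reviewed.
        [pscustomobject]@{
            Path         = $f.FullName
            LastWriteUtc = $f.LastWriteTimeUtc
            Length       = $f.Length
            Removed      = $removed
        }
    }
}

# Dry run: reports what would be deleted without changing anything.
Remove-WorkaroundFile -WhatIf
```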

Meanwhile, cyber security firm Tesserent is working on its own fix:

“Tesserent, cyber solutions by Thales, is aware of an issue, in which devices running Microsoft Windows and CrowdStrike are displaying a ‘blue screen’ (BSOD) error and attempting to reboot,” Tesserent said late this afternoon.

“This issue has been confirmed by CrowdStrike as a Falcon sensor issue. There is currently limited information available; however, CrowdStrike are investigating with urgency.

“The Tesserent Security Operations Centre will continue to monitor the situation and provide updates to managed services clients, including resolution plans once these become available.

“Currently, our Security Operation Centre have our engineering teams testing rollback as a potential solution and have a pilot underway. If this resolution has been confirmed, we will work with our clients to roll out this fix.”

UPDATE 5.12pm

It appears the issue is causing massive disruption to airlines all over the world. Both Sydney and Melbourne airports are experiencing issues with departure screens, while in the US, American Airlines, United, and Delta have all asked the Federal Aviation Administration for a global ground stop on all flights, with multiple airlines grounded.

Meanwhile, closer to home, the National Emergency Mechanism will hold a meeting shortly.

UPDATE 5.23pm

Sydney Airport has released a statement:

“A global technical outage has impacted some airline operations and terminal services.

“Flights are currently arriving and departing; however, there may be some delays throughout the evening.

“We have activated our contingency plans with our airline partners and deployed additional staff to our terminals to assist passengers.

“Anyone travelling today should leave plenty of time to come to the airport and check with their airline regarding the status of their flight.”

Also, here’s that full statement from the Australian government:

“The Australian government is working closely with the National Cyber Security Coordinator on this unfolding outage.

“We understand Triple-0 services are currently not affected by this outage.

“The information as it stands is this outage relates to a technical issue with a third-party software platform employed by affected companies.

“As the cyber security coordinator has said, there is no information to suggest this is a cyber security incident and they are continuing to engage across key stakeholders.

“The National Emergency Mechanism group will meet shortly, co-chaired by the National Emergency Management Agency.”

UPDATE 5.34pm

Victoria’s Geelong Line has also released a statement – the trains are stopped, too.

“Trains are suspended due to communication fault. Further information to follow,” V/Line said on X.

UPDATE 5.37pm

Tesserent is now saying that “CrowdStrike [has] deployed a new content update [that] resolves the previously erroneous update and subsequent host issues. As your devices receive this update, you may need to reboot for the changes to take effect and for the blue screen (BSOD) issues to be resolved.”

If that doesn’t work, the workaround we shared earlier should still help.

UPDATE 6.02pm

The Commonwealth Bank has said it has been impacted by the outage, though not all customers appear to be having issues.

“We are aware of a large-scale technical outage affecting a number of companies,” the CBA said.

“This outage relates to a technical issue with a third-party software platform.

“We are urgently investigating any impacts to our systems and services.

“We know some customers have been unable to make PayID payments. If you are unable to use PayID, you’re still able to make payments between your accounts or pay someone using their BSB and account number.

“We’re sorry for the inconvenience. Thanks for your patience while we work through the impacts.”

UPDATE 6.06pm

Now, Service NSW has joined the list of organisations impacted by the CrowdStrike issue.

“Service NSW has been impacted by a worldwide third-party IT outage impacting transactions in Service Centres and Contacts Centres. Service NSW apologises to customers for any inconvenience. Teams are working to restore services as quickly as possible. The majority of digital transactions have not been impacted, and people are encouraged to complete transactions via the Service NSW website where possible.”

UPDATE 6.29pm

The National Emergency Management Agency meeting began at 6pm, but from here, we’ll be signing off on the live blog. If you stuck with us, thanks for tuning in.

UPDATE 6.34pm

OK, one more update. Prime Minister Anthony Albanese has just released an update:

“I understand Australians are concerned about the outage that is unfolding globally and affecting a wide range of services.

“My government is working closely with the National Cyber Security Coordinator.

“There is no impact to critical infrastructure, government services or Triple-0 services at this stage.

“The National Coordination Mechanism has been activated and is meeting now.”

And now, good night.

David Hollingworth


David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
