Incident Overview

On Friday, a significant software outage disrupted airlines, TV stations, and supermarkets, grounding flights and causing newsreaders to scramble for content.

This outage had a global impact, affecting millions of systems in Australia and beyond, and is linked to the US cybersecurity firm CrowdStrike and its Falcon Sensor software.

Understanding CrowdStrike Falcon

CrowdStrike is a leading cybersecurity vendor, providing software to thousands of businesses globally to protect against viruses and cyberattacks. Headquartered in Austin, Texas, the company employs nearly 10,000 people. CrowdStrike Falcon is the company's software that operates in the background of many corporate systems, detecting viruses and cyber threats.

How the Outage Occurred

The outage caused Microsoft laptops and PCs to display a "blue screen of death," making systems inaccessible. The issue began around 3 pm on Friday (AEST) and initially affected users in the US before reaching Australia.

"We’re aware of a widespread issue causing BSOD errors on Windows machines across various sensor versions," a CrowdStrike representative stated in a forum post.

Why Was Microsoft Affected So Much?

Although Microsoft was not the source of the outage, CrowdStrike’s Falcon software is primarily used on Microsoft Windows systems. Microsoft stated on X (formerly Twitter) that it was investigating the incident.

Government Response

The federal government indicated there was no evidence suggesting the outage was a hack or cybersecurity incident.

"I am aware of a large-scale technical outage affecting several companies and services across Australia this afternoon," National Cyber Security Coordinator Michelle McGuinness stated on X. "Our current information is this outage relates to a technical issue with a third-party software platform employed by affected companies. There is no information to suggest it is a cybersecurity incident. We continue to engage across key stakeholders."

Frequency of Such Incidents

Outages are relatively common, with telcos, banks, and supermarkets often experiencing technical glitches that typically last a few hours. However, an outage of this scale underscores the reliance of our modern economy on technology and its interconnected nature.

Impact on Home Computers

CrowdStrike’s Falcon software is used primarily on large business and enterprise systems, not on home Windows PCs. Therefore, home computers should not be affected by this issue.

Is There a Fix?

CrowdStrike has provided a temporary workaround:

• Boot Windows into Safe Mode or the Windows Recovery Environment (you can do this by holding down the F8 key before the Windows logo appears).
• Navigate to the C:\Windows\System32\drivers\Crowdstrike directory.
• Locate the file matching “C-00000291*.sys”, right-click, and rename it to “C-00000291*.renamed”.
• Boot the host normally.