CrowdStrike issues a fix to Falcon sensor update bug after global impact

News
19 Jul 2024 | 3 mins
Business Operations, Security, Vendors and Providers

Major outage triggered on Microsoft devices across the globe

Supermarket systems are down across A/NZ
Credit: Cathy O'Sullivan

CrowdStrike has deployed a new content update that resolves the earlier erroneous update and the subsequent host issues impacting major global organisations and banks.

In a statement, the security vendor said it was actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts were not impacted.

“This is not a security incident or cyberattack,” CrowdStrike stated. “The issue has been identified, isolated and a fix has been deployed.

“We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organisations ensure they’re communicating with CrowdStrike representatives through official channels. 

“Our team is fully mobilised to ensure the security and stability of CrowdStrike customers.”

According to Cyber Solutions by Thales, Tesserent, as devices receive this update, they may need to reboot for the changes to take effect and for the blue screen (BSOD) issues to be resolved.

Tesserent noted that if hosts are still crashing and unable to stay online to receive the channel file changes, the following steps can be used to work around the issue:

1. Boot Windows into Safe Mode or the Windows Recovery Environment
2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
3. Locate the file matching “C-00000291*.sys” and delete it. 
4. Boot the host normally.

Tesserent originally issued an alert about a global outage impacting Microsoft Windows devices on 19 July, a few hours after global outages were reported.

According to Tesserent, devices equipped with CrowdStrike were experiencing a critical “blue screen” (BSOD) error and repeatedly attempting to reboot.

CrowdStrike has confirmed this issue as a Falcon sensor issue. Although limited information is available, the cyber security firm is urgently investigating.

The Tesserent Security Operations Centre will continue to monitor the situation and provide managed services clients with updates, including resolution plans, once they become available.

The outage hit Australian organisations on 19 July, and every major company, from Foxtel to MyGov, the big four banks and supermarkets, had been affected. Airlines were also experiencing issues, forcing planes to remain grounded.

According to ABC News, the national broadcaster “was experiencing a major network outage, along with several other media outlets”.

“Crowd-sourced website Downdetector is listing outages for Foxtel, National Australia Bank and Bendigo Bank,” stated ABC News.

Across the Tasman, the NZ Herald reported Kiwis were experiencing issues with banking and transport services, including delayed flights.

While retail and supermarket checkout systems have gone down, some NZ-based Countdown stores closed entirely.

Australian authorities have gathered for an emergency meeting, with the National Cyber Security Coordinator putting out a statement on X saying it was aware of a large-scale technical outage affecting a number of companies and services across Australia this afternoon.

“Our current information is this outage relates to a technical issue with a third-party software platform employed by affected companies.”