Business Global IT outage live updates: Australian banks, airlines, media outlets taken offline - Bloody Bitch Bastard

There's a global outage of MicroSoft Windows machines currently, amusingly. This website is laid out in a very frustrating way, so I've included the main excerpts here:
https://www.abc.net.au/news/2024-07...-microsoft-banks-airlines-australia/104119960 (archive)

There are reports of IT outages affecting major institutions in Australia and internationally.
The ABC is experiencing a major network outage, along with several other media outlets.
Crowd-sourced website Downdetector is listing outages for Foxtel, National Australia Bank and Bendigo Bank.

Like a number of other organisations, global issues affecting CrowdStrike and Microsoft are disrupting some of our systems.
The issue is causing some holdups for some of our customers and we thank them for their patience.
There is no impact to our fixed or mobile network which continue to operate.
Calls to our Triple Zero contact centres are not affected, but we understand some state emergency services are also impacted and we are working with them to implement backup processes.

CrowdStrike ran a recorded phone message on Friday saying it was aware of reports of crashes on Microsoft's Windows operating system relating to its Falcon sensor.
"Thanks for contacting CrowdStrike support. CrowdStrike is aware of reports of crashes on Windows … related to the Falcon sensor," a prerecorded message played when a Reuters reporter called the company's technical support.

University of Melbourne lecturer in cyber security Shaanan Cohney says there appear to be two separate things happening at once to cause the mass outages we are seeing.
The first issue, he says, appears to have been caused by a piece of software developed by a company called CrowdStrike.
"It's a computer security vendor that provides a monitoring service to large enterprises so they can see on computers within their control if there's any indications of suspicious activity or things that would require a security alert or to lock down the computer," Dr Cohney says.
"Because this software needs to see everything that is going on, it's very tightly integrated into the computer's software, so when you install it, it asks for a lot of permissions so that it can ask for everything going on on the computer.
"However, because it's in such a privileged position, if something goes wrong with it, if there's a programming mistake it has the capability to bring down the entire computer.
"If someone makes the wrong type of mistake it can bring the whole system down.
"As far as we can tell what it looks like happened with this piece of software is the company issued a significant update and something in the update went wrong.
"Engineers at the company and those outside are scrambling to try to pinpoint the source so they can try to pinpoint the problem so that's why companies are telling their employees to shut down their computer in order to prevent them from updating so those employees can maintain some minimal capabilities and have access to documents that are offline."
Reporting by Andi Yu

lcimg-7620c845-53fb-4caa-84ce-f61f76fa0ee6.jpeg
lcimg-5416bf03-1f8b-4709-b65b-ab1615785cba.jpeg
 
Multiple 911 jurisdictions experiencing issues with their secure teletype systems, and emergency telecommunications centers terminals BSoDing. The teletype system is the only way many jurisdictions are allowed to communicate with eachother in terms of record and information exchanges.

That was a long night.

My guess goes to the competency crisis.
 
I've never had to pause updates in so long either, but so glad to KF for the warning or I'd have no idea. Glad this was on the most active politics thread for sure.
It's not a Windows update causing issues, it's the CS Falcon sensor. There's no reason to pause Windows updates and you'll know if you're using CS as you'll already be felted.
 
fyi, dealing with this with a friend at his factory since i used to do a lot of IT and he's facing fixing 400+ systems with only one other guy:

reference: https://www.reddit.com/r/sysadmin/comments/1e6vq04/many_windows_10_machines_blue_screening_stuck_at/

start PC in safe mode (if you use bitlocker you will need to get the recovery key).

in powershell or explorer or whatever you like, navigate to %windir%\System32\drivers\CrowdStrike\

delete any recent C-00000291*.sys file (current is ending in *30 through *39). this disables the csagent.sys driver from loading.

the recent update was replaced already with a roll back. you may need to manually update or install falcon again. but this will get you back into a working windows env.
 
Hacker News throwaway claims to know what's happened. (Archive)

tl;dr pissed over everyone's rules pushing a performance fix to production.

Wyświetl załącznik 6208646
Lol. Even scripting up the fix is beyond this loser’s ability. The API can absolutely attach a disk.

Also that’s what you get for auto updates and a homogeneous ecosystem.

I wonder how many billions factories and airlines that run Linux are going to make due to their winbloze competitors being totally dead in the water for weeks. Lmao, even
 
status.png
Awareness - Virtual Machines

We have been made aware of an issue impacting Virtual Machines running Windows Client and Windows Server, running the CrowdStrike Falcon agent, which may encounter a bug check (BSOD) and get stuck in a restarting state. We approximate impact started around 19:00 UTC on the 18th of July.

We recommend customers that are able to, to restore from a backup from before this time.

Alternatively, customers can attempt to repair the OS disk offline by following these instructions:

Attach an unmanaged disk to a VM for offline repair

Disks that are encrypted may need these additional instructions:

Unlocking an encrypted disk for offline repair

Once the disk is attached, customers can attempt to delete the following file.

Windows/System/System32/Drivers/CrowdStrike/C00000291*.sys

The disk can then be attached and re-attached to the original VM.

We recommend customers that are continuing to experience issues to reach out to CrowdStrike for additional assistance.

Additionally, we are continuing to investigate additional mitigation options for customers and will share more information as it becomes known.

This message was last updated at 09:26 UTC on 19 July 2024
https://azure.status.microsoft/en-us/status (ghostarchive.org)
 
Ostatnio edytowane:
All the computers in my hospital use Windows and CrowdStrike Falcon. Guess I'm going old school and writing paper orders today. I just hope IT didn't run the update.
 
Wyświetl załącznik 6208725
Awareness - Virtual Machines

We have been made aware of an issue impacting Virtual Machines running Windows Client and Windows Server, running the CrowdStrike Falcon agent, which may encounter a bug check (BSOD) and get stuck in a restarting state. We approximate impact started around 19:00 UTC on the 18th of July.

We recommend customers that are able to, to restore from a backup from before this time.

Alternatively, customers can attempt to repair the OS disk offline by following these instructions:

Attach an unmanaged disk to a VM for offline repair

Disks that are encrypted may need these additional instructions:

Unlocking an encrypted disk for offline repair

Once the disk is attached, customers can attempt to delete the following file.

Windows/System/System32/Drivers/CrowdStrike/C00000291*.sys

The disk can then be attached and re-attached to the original VM.

We recommend customers that are continuing to experience issues to reach out to CrowdStrike for additional assistance.

Additionally, we are continuing to investigate additional mitigation options for customers and will share more information as it becomes known.

This message was last updated at 09:26 UTC on 19 July 2024
https://azure.status.microsoft/en-us/status (archive.ph)
Hmm. Microsoft could blacklist the fucked up files based on their hash from any storage. If some customer wanted to be a weirdo they could have a little opt in checkbox to not have the files removed.

Disasters like this really should make a company go out of business. But look at Boeing, nothing is ever really bad enough for these fucks because the bar is 80 IQ nigger level now. Insert america is a nation of niggers text.
 
sdgjklheskl.hgpslFJwl;JGwL:JgklEHGeklahgeLKHG MY FLIGHT WAS CANCELLED
BECAUSE OF THIS SHIT
NIGGER NIGGER NIGGER
NIGGER
There's not enough niggers in this post. Shame on you.

Really though, sucks mate.
Lol. Even scripting up the fix is beyond this loser’s ability. The API can absolutely attach a disk.

Also that’s what you get for auto updates and a homogeneous ecosystem.

I wonder how many billions factories and airlines that run Linux are going to make due to their winbloze competitors being totally dead in the water for weeks. Lmao, even
I know my factory is going to be livid in the morning.
 
Wstecz
Top Na dole