Microsoft Blames 2009 EU Agreement For World’s Biggest IT Outage
Redmond says EU deal gave CrowdStrike the keys to the Windows kernel, allowing last week’s huge IT outage to happen
Microsoft has admitted that a landmark agreement with the European Union fifteen years ago allowed last week’s huge IT outage to take place.
Last week’s failed security update from cybersecurity firm CrowdStrike caused an estimated 8.5 million computers to fail globally – with experts calling it the world’s largest ever IT outage.
CrowdStrike on Monday stated that a “significant number” of affected devices were now back online, but the disruptions have impacted tens of thousands of flights, hospital appointments and business operations.
Kernel access
Now it has emerged that Microsoft has blamed the European Union for the outage, due to a 2009 agreement that ensures that Redmond does not operate the ‘walled garden’ approach that Apple utilises.
The 2009 agreement reached with the European Commission stipulates that Microsoft could not make security changes that would have blocked the update from CrowdStrike, Redmond said in comments to the Wall Street Journal newspaper.
“Friday’s outage was caused by a buggy update sent to corporate clients by CrowdStrike, one of hundreds of cybersecurity firms that have built a business promising to make Windows more secure. Microsoft has its own competing product, called Windows Defender,” according to the Wall Street Journal.
Last week’s defective update for CrowdStrike’s Falcon system triggered the Windows operating system’s infamous ‘blue screen of death’, because certain third parties have privileged access to a key part of a computer known as the kernel.
This means that software developers can create software which interacts with the computer’s OS at a deep level, which contributed to the bug being so devastating.
Microsoft’s in-house alternative to CrowdStrike is of course Windows Defender, but because of the 2009 agreement made to avoid a European competition investigation, Redmond was forced to allow multiple security providers to install software at the kernel level.
EU to blame?
That 2009 agreement was reached after the European Commission had, since the early 2000s, accused Microsoft of having an unfair advantage over other companies because of its Windows operating system, which it alleged at the time gave Redmond an unfair advantage in other areas such as web browsers.
Apple, meanwhile, blocked access to the kernel on its Mac computers in 2020, arguing it would improve security and reliability.
“In 2020, Apple told developers that its MacOS operating system would no longer grant them kernel-level access,” the WSJ reported, adding that this change was a pain for Apple’s partners, though it meant that the blue screen of death couldn’t happen to Macs, according to Patrick Wardle, the chief executive of Mac security maker DoubleYou. “What it meant was that a lot of third-party developers, ourselves included, had to rewrite our security software,” Wardle said.
Because of this closed ecosystem, Apple has a “much healthier balance between forcing people to upgrade, forcing applications to maintain good security practices or they pull them off of the App Store,” in the words of Amit Yoran, chief executive of cybersecurity firm Tenable, who was quoted in the WSJ article.
Speaking to the Wall Street Journal, a Microsoft spokesman reportedly said Redmond could not make a similar change because of the EU agreement.