After a bug in the CrowdStrike software update caused millions of Windows systems to crash in July, Microsoft said on Friday that it will convene a meeting for cybersecurity firms in September to discuss potential changes to the industry.
The incident caused havoc in systems connected to the internet. Airlines canceled thousands of flights, hospitals postponed doctor visits, and logistics companies reported delays in product delivery. Delta Air Lines is suing Microsoft and CrowdStrike for damages, stating that the disruption’s aftereffects cost the company $550 million.
On September 10, Microsoft will hold the meeting at its Redmond, Washington, campus with CrowdStrike and other security firms to talk about preventing similar problems, according to a Microsoft executive who spoke with CNBC. The individual asked to remain anonymous since they lacked authorization to speak publicly about internal affairs.
According to the executive, attendees of the Windows Endpoint Security Ecosystem Summit will investigate the potential for programs to depend more on the user mode portion of Windows rather than the more privileged kernel mode.
Kernel mode is currently used by software from CrowdStrike, Check Point, SentinelOne, and other endpoint protection companies. According to a spokesman, SentinelOne uses this access to “monitor and stop bad behavior and prevent malware from turning off security software.”
User mode apps are segregated from one another, so if one breaks, it won’t affect other apps. However, a failed kernel mode application can crash Windows as a whole. In an attempt to collect information on fresh attacks, CrowdStrike published a flawed content configuration update for its Falcon sensor for Windows systems on July 19. This update caused operating system crashes. One by one, IT managers restarted the computers that had received the update and were showing the “blue screen of death.”
According to the Microsoft official, just a small portion of the issues would be resolved by eliminating kernel access in Windows.
Apple discourages developers from utilizing kernel extensions and has restricted kernel access in macOS in recent years.
According to the executive, attendees at Microsoft’s event on September 10 will also talk about the adoption of eBPF technology, which verifies whether programs will run without causing system failures, and of memory-safe programming languages like Rust.
Last year, Microsoft gave $1 million to the nonprofit Rust Foundation, which supports language developers with stipends.
Microsoft’s Defender for Endpoint solution is in competition with CrowdStrike. According to the CEO, that team will attend like any other cybersecurity organization and won’t be given special treatment.
According to a blog post by Microsoft Corporate Vice President Aidan Marcuss, “we will share further updates on these conversations following the event.”