
Microsoft Plans Windows Security Reform After CrowdStrike Incident

Microsoft is stepping up plans to make Windows more resistant to buggy software after a faulty CrowdStrike update caused millions of computers and servers to go offline in a global IT outage.

Over the past month, the tech giant has stepped up talks with partners about tweaking the security processes around its operating system to better withstand the kind of software bug that crashed 8.5 million Windows devices on July 19.

Critics say any such change by Microsoft would be tantamount to conceding shortcomings in Windows’ handling of third-party security software that could have been addressed sooner.

However, such changes have also been controversial among security vendors, as they would require fundamental changes to their products and force many Microsoft customers to adapt their software.

Last month’s outage — estimated to have caused billions of dollars in damage after grounding thousands of flights and disrupting hospital appointments worldwide — has prompted regulators and business leaders to look more closely at the level of access third-party software vendors have to the core, or kernel, of the Windows operating system.

Microsoft said on Friday that it will host a summit next month for government representatives and cybersecurity companies, including CrowdStrike, to “discuss concrete steps we will all take to improve security and resilience for our shared customers.”

The meeting will take place on September 10 at Microsoft’s headquarters near Seattle, the company said in a blog post.

Kernel errors can quickly crash entire operating systems, which is why millions of “blue screens of death” appeared globally after CrowdStrike’s faulty software update was sent to customers’ devices.

Microsoft told the Financial Times that it is considering a number of options to make its systems more stable and has not ruled out blocking access to the Windows kernel entirely—an option that some rivals fear would put their software at a disadvantage compared to the company’s own in-house security product, Microsoft Defender.

“All competitors are concerned that [Microsoft] will use this to prioritize their own products over third-party alternatives,” said Ryan Kalember, director of cybersecurity strategy at Proofpoint.

Microsoft could also require cybersecurity vendors to adopt new testing procedures instead of tweaking Windows systems itself.

Apple, which was not affected by the outage, has blocked all third-party vendors from accessing the macOS kernel, forcing them to operate in a more restrictive “user mode.”

Microsoft has previously stated that it cannot do so after reaching an agreement with the European Commission in 2009 that it would grant third parties the same access to its systems as it does to Microsoft Defender.

However, some experts argue that this voluntary commitment to the EU does not bind Microsoft in the way it claims, arguing that the company is always free to make the changes under consideration.

“These are technical decisions by Microsoft that are not part of [the arrangement],” said Thomas Graf, a partner at Cleary Gottlieb in Brussels who is involved in the case.

“The [understanding] document doesn’t require them to give access to the kernel,” added AJ Grotto, a former senior director for cybersecurity policy at the White House.

Grotto said Microsoft also bears some responsibility for the July outage because it could not have happened without Microsoft’s decision to allow access to the kernel.

But while it could increase system resilience, blocking kernel access could also bring “real trade-offs” in compatibility with other software that has helped make Windows popular among enterprise customers, said Forrester analyst Allie Mellen.

“It would be a fundamental change to Microsoft’s philosophy and business model,” she added.

Mellen added that operating entirely outside the kernel could reduce the risk of causing a mass outage but was also “very restrictive” for security vendors and could make their products “less effective” against hackers.

She added that operating in the kernel gives security companies more information about potential threats and allows their defense tools to kick in before malware can penetrate.

One alternative might be to copy the model used by the open source operating system Linux, which uses a filtering mechanism that creates an isolated environment in the kernel where software, including network defense tools, can run.

But rivals say the complexity of changing how other security software works on Windows means any changes would be difficult to oversee by regulators and Microsoft would have a strong incentive to prioritize its own products.

“It sounds great on paper, but the devil is in the details,” said Matthew Prince, chief executive of digital services group Cloudflare.
