While organizations such as Delta Airlines are continuing to cancel flights in the wake of last week’s Windows crash due to an errant CrowdStrike update, Microsoft’s chief communications officer offers up an explanation of how the breakdown was even possible.
The CrowdStrike update that took out millions of Windows PCs is still under investigation by the company, but plenty of online cyber security experts have already identified the kernel-level access vulnerability that led to the worldwide Blue Screen of Death (BSOD) epidemic users experienced.
Without getting too into the weeds, CrowdStrike’s cyber security platforms were given special access to the Windows kernel to run its solutions. However, that same level of access isn’t afforded to the company on other operating systems such as Linux or macOS, which has led many to question why the industry-leading OS could allow such a vulnerability.
In response to the cacophony of cyber security experts asking questions about Windows’ underlying security architecture, Shaw offered an explanation of why Windows even allows kernel-level access to any third-party vendor.
According to a spokesperson whom Shaw quote-tweeted, the reason Microsoft's Windows OS even allows kernel-level access to third-party vendors, unlike Apple or Linux, is the European Commission.
To avoid another anticompetitive strike against the company, Microsoft offered a concession that included access to the Windows kernel.

In light of Shaw’s tweet, many online were quick to point out that if Microsoft simply denied access to the Windows kernel flatly, the company would still be in compliance with the EU mandate. However, since Microsoft also leverages this level of access for items such as Microsoft Defender and other security solutions it sells to customers, it would be anticompetitive for it to retain access to the kernel while denying others.
So, it would seem, short of going back to regulators with an amended argument for selective self-benefiting access to Windows, Microsoft has its hands tied when talking about any immediate solutions. However, that is not to say there aren’t other paths future development of Windows can take to mitigate similar potential issues, such as hardening the kernel further with additional API tools that require sign-in for Endpoint Detection and Response tools, or stripping out Defender and other products the company sells and refusing kernel access to everyone.
Nevertheless, it should be stated that CrowdStrike is mostly at fault here, and that any moves Microsoft makes today aren’t the silver-bullet solution for last week’s issue. CrowdStrike has issued a workaround that boils down to rebooting and launching into Safe Mode for individual hosts, and detaching the OS disk volume from the affected virtual server for public or cloud environments.
Considering the worldwide catastrophe the CrowdStrike update caused, it will be interesting to see how Microsoft leverages this learning experience and how regulators view the context of the issue going forward when weighing security over accessibility.