Changes will be made after the CrowdStrike outage

CNBC

Microsoft said Friday it will hold a conference in September for cybersecurity firms to discuss ways the industry can evolve following a faulty CrowdStrike software update that caused millions of Windows computers to crash in July.
Delta Air Lines, which said fallout from the outage cost the company $550 million, is seeking damages from CrowdStrike and Microsoft.
Microsoft will meet with CrowdStrike and other security companies at its campus in Redmond, Washington, on Sept. 10 to discuss how to prevent similar issues in the future, a Microsoft executive told CNBC in an interview.
Software from CrowdStrike, Check Point, SentinelOne and others in the endpoint-protection market currently depends on kernel mode.
But an application in kernel mode that fails can cause all of Windows to crash.
The Microsoft executive said removing kernel access in Windows would only solve a small percentage of potential problems.
Microsoft competes with CrowdStrike with its Defender for Endpoint product.
That team will attend like any other cybersecurity company and won’t receive preferential treatment, the executive said.


Microsoft announced on Friday that it will host a conference for cybersecurity companies in September to talk about how the sector can change in the wake of the CrowdStrike software update that went wrong and crashed millions of Windows PCs in July.

Systems with internet connectivity were thrown into chaos by the incident. Hospitals postponed doctor’s appointments, logistics firms reported package delivery delays, and airlines canceled thousands of flights. Microsoft and CrowdStrike are being sued by Delta Air Lines, which claims that the fallout from the outage cost the business $550 million.

On September 10, Microsoft will host a meeting at its Redmond, Washington, campus with CrowdStrike and other security firms to talk about how to avoid such problems in the future, a Microsoft representative said in a CNBC interview. The individual asked to remain anonymous because they lacked authorization to speak about internal affairs in public.

According to the executive, attendees of the Windows Endpoint Security Ecosystem Summit will investigate the potential for applications to depend more on the user mode portion of Windows rather than the more privileged kernel mode.

Currently, kernel mode is used by software from CrowdStrike, Check Point, SentinelOne, and other vendors in the endpoint protection space. According to a spokesman, SentinelOne uses this access to “monitor and stop bad behavior and prevent malware from turning off security software.”

User mode applications are isolated, so if one crashes, it won’t affect other applications. However, Windows as a whole may crash due to a kernel mode application failing. CrowdStrike released a problematic content configuration update on July 19 for its Falcon sensor, which caused operating system crashes. The update was intended to collect information on new attacks. One by one, IT managers restarted the computers that had been updated and were showing the “blue screen of death.”

The Microsoft official stated that only a small portion of possible issues would be resolved by eliminating kernel access in Windows.

Aside from discouraging developers from utilizing kernel extensions, Apple has recently restricted kernel access in macOS.

People in attendance at Microsoft’s Sept. 10 event will also cover the adoption of memory-safe programming languages like Rust and of eBPF technology, which verifies whether programs will run without causing system crashes, the executive stated.

The Rust Foundation is a nonprofit that provides stipends to individuals working on the language, and last year Microsoft gave $1 million to it.

Microsoft’s Defender for Endpoint product is in competition with CrowdStrike. According to the executive, that team won’t get special treatment and will attend alongside any other cybersecurity company.
