CrowdStrike Outage: Microsoft Points Finger at EU Agreement
The Blue Screen of Death incident caused by the cybersecurity company CrowdStrike is still unfolding. Although the problematic update has been withdrawn, a large number of damaged Windows systems require IT administrators to manually restore them one by one, leaving many critical industry systems non-functional.
Why can security software cause Windows systems to crash with blue screens? This issue is related to an agreement Microsoft reached with the EU in 2009, which mandates that Microsoft grant security software developers the same level of access to Windows that its own security products have.
Those familiar with security software already understand this situation: once signed and certified by Microsoft, the core drivers of security software have kernel-level access when installed on Windows. Thus, once security software is installed, it can perform various extremely complex operations.
A Microsoft spokesperson recently discussed the blue screen incident caused by CrowdStrike and the control over security software permissions in an interview with The Wall Street Journal. Microsoft explained that the company cannot further lock down the operating system to enhance security.
The electronic version of the agreement between the company and the EU can be found on Microsoft’s website. This agreement stipulates that Microsoft is obliged to open the APIs used by its security products in the Windows client and server systems to third-party security software developers.
The agreement also requires Microsoft to document these APIs on the Microsoft Developer Network, allowing security software developers to access them, unless these APIs could pose a security risk.
The EU has such requirements because it fears that if Microsoft does not open these APIs, it could impact market competition. This agreement is intended to create a level playing field, though the downside is reduced security, as demonstrated by the CrowdStrike blue screen incident.
Apart from the Windows system, the EU does not have similar requirements for macOS or ChromeOS. In 2020, Apple even notified developers that kernel-level access would no longer be provided, which did affect some Mac software but improved system stability and security.
Mac users who wish to grant kernel-level access to software need to undergo a complex process, meaning that in most cases, users will not grant such access. As a result, Mac crashes and serious security issues caused by third-party software will be significantly reduced.