Wednesday, 2 April 2025
27.2 C
Singapore
30.6 C
Thailand
21.3 C
Indonesia
27.8 C
Philippines

EU regulation blamed by Microsoft for CrowdStrike outage

Microsoft blames the EU for the CrowdStrike outage, which affected 8.5 million Windows devices due to a 2009 agreement with the European Commission.

Last Friday, Windows devices worldwide were unexpectedly taken offline. This chaos was triggered by a problematic update from cybersecurity giant CrowdStrike, causing widespread disruption. If you’re unfamiliar with the incident, you can catch up on the details in our previous article summarising the event.

The scale of the impact

With the dust settling, Microsoft has disclosed that approximately 8.5 million Windows devices were affected. This major outage can be traced back to an agreement between Microsoft and the European Commission in 2009.

In a statement to the Wall Street Journal, Microsoft detailed this agreement. In 2009, the European Commission worried that Microsoft might use its dominant market position to gain an unfair advantage. To address these concerns, Microsoft agreed to provide security software makers with the same level of access to Windows that it had.

The root cause

As a result of this agreement, today’s CrowdStrike Falcon security software operates as a kernel module, which gives it full system access. The kernel, often called “the heart of an operating system,” manages crucial system functions like memory, processes, and files. Therefore, when a faulty update is pushed out, the consequences can quickly escalate from bad to worse.

Interestingly, Macs were not affected by this outage. Apple ceased granting developers kernel-level access in 2020 with MacOS Catalina. This decision means Macs can experience a different type of failure. However, itโ€™s worth noting that the European Commission is currently scrutinising Apple’s practices. The Commission has already compelled Apple to permit third-party App Stores under its Digital Markets Act, though it hasn’t yet forced Apple to change its kernel access policies.

Microsoft’s frustration

Microsoft appears to be frustrated. The company feels it was pulled into this predicament by factors beyond its control. The situation highlights the complex interplay between regulatory requirements and the practical realities of maintaining secure and functional software systems.

This incident underscores the challenges tech companies face when balancing compliance with regulatory demands and ensuring their systems remain robust and secure.

Hot this week

Chinese investor questions commercial future of humanoid robots

Chinese venture capitalist Allen Zhu questions the commercial potential of humanoid robots, sparking debate amid rising AI investment in China.

Garmin launches premium Connect+ plan to boost health and fitness tracking

Garmin introduces Connect+ with AI insights, advanced training tools, and social features to help users reach their health and fitness goals.

Microsoft removes Windows 11 loophole for skipping account setup

Microsoft is blocking a well-known workaround that lets you set up Windows 11 without a Microsoft account, enforcing stricter installation rules.

Google Assistant to be phased out on Waze for iPhone

Waze is removing Google Assistant from iPhones due to issues and plans to upgrade with improved voice integration, possibly using Gemini.

Sony unveils WF-C710N earbuds with improved battery life and noise cancellation

Sony announces the WF-C710N earbuds, which offer better battery life and noise cancellation, and new colours for the WH-CH720N and WH-CH520 headphones.

Exabeam introduces Nova, an agentic AI that boosts cybersecurity operations

Exabeam unveils Nova, a proactive AI agent that boosts security team productivity and reduces incident investigation time by over 50%.

NUS partners with Microsoft Research Asia to advance AI research and nurture future tech talent

NUS and Microsoft Research Asia partner to boost AI research and develop future computing talent through a joint PhD and industry collaboration.

Tenable reveals privilege escalation flaw in Google Cloud Run

Tenable uncovers a privilege escalation flaw in Google Cloud Run, exposing risks linked to inherited permissions and service interdependencies.

Evento Seguro simplifies insurance access for event organisers in Brazil

Evento Seguro by Chubb makes event insurance easier for Brazilian organisers through a digital platform by Sympla and discovermarket.

Related Articles