Microsoft, Cyber Firms Pursue Changes After CrowdStrike Outage
Microsoft Corp. said it’s building an alternative for cybersecurity companies that now utilize the deepest layer of its operating system after a flawed update from CrowdStrike Holdings Inc. triggered a global IT meltdown.
The Redmond, Washington-based technology giant announced Thursday that it would “continue to design and develop” a “new platform capability” in response to what it said was customer and partner demand to enable security vendors to operate outside of kernel mode, the base layer of the operating system. Such a shift would require major retooling by Microsoft and by some outside cybersecurity companies that use kernel access to monitor potential threats. The goal, Microsoft said, was “enhanced reliability without sacrificing security.”
The announcement follows a Sept. 10 meeting between Microsoft and other cybersecurity companies to discuss deploying updates safely and alternatives to kernel access.
Microsoft’s statement comes less than two months after CrowdStrike pushed out an update that crashed millions of Windows computers, crippling airports, banks, stock exchanges and businesses around the world. The outage touched off a debate over whether cybersecurity firms should be allowed to operate at the kernel level of Microsoft Windows systems because of the risks associated with such core access.
Microsoft said in a blog post announcing the work that the latest version of its Windows operating system includes changes that allow cybersecurity companies to provide more “security capabilities” outside of kernel mode.
Following the meeting, some security firms see operating in this base layer as essential.
In a statement released by Microsoft, digital security firm Eset LLC said, “It remains imperative that kernel access remains an option for use by cybersecurity products to allow continued innovation and the ability to detect and block future cyberthreats.”
Drew Bagley, CrowdStrike’s vice president and counsel for privacy and cyber policy, said in the Microsoft statement, “We appreciated the opportunity to join these important discussions with Microsoft and industry peers on how best to collaborate in building a more resilient and open Windows endpoint security ecosystem that strengthens security for our mutual customers.”