Microsoft has blamed the European Union for the recent global IT outage that affected up to 8.5 million Windows devices. The company claims that a 2009 agreement with the European Commission prevented it from making necessary security changes, leading to the disastrous incident.
Explanation of the IT Outage
The IT outage was triggered by a defective update for CrowdStrike’s Falcon system, a cybersecurity software used by many businesses. The update was designed to prevent cyberattacks, but it ended up causing widespread disruption instead.
The issue arose due to the privileged access that the CrowdStrike software had to a critical component of the computer called the kernel. Microsoft developed its own internal alternative to CrowdStrike, known as Windows Defender. However, as a result of the agreement made with the European Commission in 2009, Microsoft was obligated to let the installation of software from other security suppliers at the kernel level.
This arrangement ultimately led to the massive IT outage, which caused thousands of flights to be delayed or canceled, disrupted the UK’s National Health Service, and even led to contactless payments failing to work in many locations.
Microsoft’s Statement
In comments to the Wall Street Journal, a Microsoft spokesman said that the company could not make the necessary changes to its software to prevent the CrowdStrike update from causing such widespread chaos. The spokesman explained that the 2009 agreement with the European Commission meant that Microsoft was not allowed to make security changes that would have blocked the faulty update.
Microsoft estimates that up to 8.5 million computers globally were affected by the CrowdStrike glitch, which is less than 1% of all machines using the software. However, the company acknowledged that the impact was significant because CrowdStrike is widely used by businesses.
Reactions to Microsoft’s Statement
Microsoft’s statement has drawn a mixed reaction from the public and industry experts. Some have criticized the company for attempting to shift the blame, arguing that it should have taken more responsibility for the incident.
Others, however, have supported Microsoft’s claims, noting that the company’s hands were tied due to the 2009 agreement with the European Commission. They argue that the EU’s insistence on allowing multiple security providers to access the kernel level of Windows was a contributing factor to the IT outage.
The European Commission has not yet responded directly to Microsoft’s accusations. However, the incident has reignited the ongoing debate over the EU’s approach to regulating technology companies and the potential unintended consequences of such policies.
In the meantime, CrowdStrike has acknowledged the “defect” in its software update and has apologized for the disruption caused. The company has also stated that a significant number of the affected computers are now back online.
The IT outage has highlighted the fragility of the global technology infrastructure and the need for robust security measures to prevent such incidents from occurring in the future. As the world becomes increasingly reliant on digital systems, the importance of ensuring their reliability and resilience has never been more critical.
