While IT infrastructure around the world is recovering from a critical failure, businesses, experts, and politicians are already looking for those to blame for what happened. According to The Wall Street Journal, Microsoft said that the incident may be the result of a forced agreement in 2009 between the IT giant and the European Union.
Experts are already questioning why cybersecurity solutions company CrowdStrike was given access to the Windows kernel at such a low level, where a bug could be very large and costly for a huge number of users. We’ll keep you updated as this situation unfolds.
Microsoft’s Position and Regulatory Factors
Microsoft cannot be directly blamed for the flaw in the CrowdStrike software update that wreaked havoc on all walks of life around the world. However, the software architecture that allows third parties to deeply integrate their software into Microsoft’s operating systems raises many questions and requires closer examination.
As reported by WSJ, Microsoft noted that the company’s 2009 agreement with the European Commission was the reason that the Windows kernel is not protected in the same way as, for example, Apple’s macOS kernel, direct access to which has been closed to developers since 2020. The compatibility agreement was actually the result of increased attention from European regulators to Microsoft’s activities.
In accordance with one of its points, Microsoft is obliged to provide timely and ongoing information about the APIs used by its security software in Windows—user and server versions. The relevant documentation should also be available to third-party antivirus software developers to create their own solutions, which should promote fair competition. However, instead of using APIs without access to the kernel, CrowdStrike and its ilk chose to work directly with the OS kernel to maximize the capabilities of their security software. True, there is a high probability that in the event of a failure the consequences could be extremely serious—which is what happened.
Broader Implications
Windows is not the only operating system that offers access to the kernel with the ability to disable it if it does not work correctly, noptes NIX Solutions. However, the ubiquitous presence of Microsoft products leads to massive problems and a lot of publicity in the event of failures in third-party applications, even if the company is not directly to blame for what happened. As we continue to monitor the developments, we’ll keep you updated on any new information.
We’ll keep you updated as the situation evolves and more details emerge about the root causes and potential solutions to prevent future incidents of this nature.