Microsoft’s recent blog post sheds light on the global computer outage that occurred 10 days ago, attributing it to an error in a software update from CrowdStrike, a third-party cybersecurity company. While Microsoft faced criticism for the outage, it was revealed that the number of reported affected devices was vastly underestimated. Initially, Microsoft reported that 8.5 million Windows machines were affected, but in their latest update, they clarified that this number is just a subset of the actual devices impacted.
The 8.5 million figure came from devices that shared crash reports with Microsoft, which is an optional feature. Devices that chose not to share crash reports were not included in the affected devices estimate. This means that the actual number of affected Windows devices is likely many millions more than previously reported, although Microsoft did not provide an exact figure.
The severity of the damage caused by the CrowdStrike update error was due to its operation at the kernel level, which is the core part of the operating system. This meant that the error didn’t just affect CrowdStrike’s software; it took down the entire computer system, resulting in the infamous Windows blue screen of death.
In light of this incident, Microsoft acknowledges the need to reassess the approach of cybersecurity software operating at the kernel level. They are currently exploring ways to reduce the reliance on kernel drivers to access important security data. Additionally, Microsoft plans to collaborate with third-party vendors to ensure they follow best practices when rolling out updates, enabling them to identify and address issues before they go live.
While the majority of affected Microsoft computers have been fixed, the industry is still grappling with how such a significant outage was allowed to occur. According to CrowdStrike, 97 percent of affected devices were back online as of last Thursday.
In conclusion, the CrowdStrike outage exposed the need for stricter protocols in software updates and highlighted the potential risks associated with operating at the kernel level. Microsoft’s response to this incident involves reevaluating their approach to cybersecurity software and fostering better collaboration with third-party vendors. By learning from this experience, the industry can work towards preventing similar outages in the future and ensuring the reliability and security of computer systems worldwide.
