Microsoft says EU rules made CrowdStrike outage possible
Microsoft says that an understanding with the European Commission is partially to blame for the CrowdStrike outage.
Editor's note: Check out our oft-updated live blog for all new developments about the Microsoft/CrowdStrike outage.
The recent global IT outage, in which a faulty update to cybersecurity company CrowdStrike's software brought down millions of Windows PCs, caused billions of dollars worth of damage across a number of industries, including airline transport, retail, and banking.
Mac devices, however, were not affected, as Apple's macOS operating system does not grant third party app makers kernel-level access, preventing the type of catastrophic error that resulted in the dreaded "blue screen of death" on Windows PCs.
Now, Microsoft is saying it wasn't able to put the same protections in place due to a long-standing agreement with the European Commission.
In a statement given to the Wall Street Journal, a Microsoft spokesperson said the company "cannot legally wall off its operating system in the same way Apple does because of an understanding it reached with the European Commission following a complaint."
This is referring to a 2009 agreement, in which Microsoft pledged to give third-party security apps developers the same level of access to its Windows OS as Microsoft itself gets. In contrast, Apple took away kernel access from third-party developers back in 2019, when it launched macOS Catalina.
The faulty CrowdStrike update was devastating for IT systems around the globe as it caused a system crash on a multitude of Windows PCs. A fix could not easily be deployed as the systems would immediately crash again on reboot, causing a condition called "reboot loop."
In a letter to customers and partners, CrowdStrike CEO George Kurtz said it was taking steps to prevent "anything like this from happening again." The question, however, is what steps should Microsoft take to make sure one small update to a third-party software (CrowdStrike's or others') cannot wreak havoc on global IT infrastructure again.
We've asked Microsoft for comment on this issue, and will update this article when we hear back.