Microsoft blames EU rules for allowing world’s biggest IT outage to happen

微软 has blamed European Union rules for enabling a faulty security update to cause the world’s biggest IT outage.

The software giant said a 2009 agreement with the European Commission meant it was unable to make security changes that would have blocked the CrowdStrike update that triggered widespread travel and healthcare chaos on Friday. CrowdStrike’s Falcon system, designed to prevent cyber attacks, has privileged access to a key part of a computer known as the kernel.

This meant that a faulty update last week resulted in millions of Windows computers and servers being unable to load at all, leading to flight cancellations, contactless payments not working and GP surgeries being unable to make appointments. Microsoft, which offers its own alternative to CrowdStrike known as Windows Defender, agreed in 2009 to allow multiple security providers to install software at the kernel level amid a European competition investigation.

In contrast, 苹果 blocked access to the kernel on its Mac computers in 2020, which it said would improve security and reliability.

A Microsoft spokesman told The Wall Street Journal that it was unable to make a similar change because of the EU agreement.

Microsoft said on Saturday that the CrowdStrike update had affected 8.5m Windows devices. This was less than 1% of all machines operating the software, but had major impacts because CrowdStrike is widely used in businesses.

The faulty update caused a blue error screen on many computer screens, rendering them unusable until they were fixed. CrowdStrike said on Monday that “a significant number” of the affected computers were back online and apologised for the disruption.

Read the rest of the article here: https://easysam.co.uk/news/microsoft-blames-eu-rules-for-allowing-worlds-biggest-it-outage-to-happen/