A Delta Airlines technician works on a blue screen with the word “Recovery” written on it, at Delta’s Terminal 2 at Los Angeles Airport on July 19, 2024. A major computer outage linked to an antivirus update disrupted airlines, banks, television stations and other businesses around the world on Friday.
Etienne Laurent | AFP | Getty Images
Microsoft The company said Friday it will host a conference for cybersecurity companies in September to discuss ways the industry can evolve in the wake of the flawed system failure. Crowdstrike The software update that crashed millions of Windows computers in July.
The incident threw internet-connected systems into disarray: airlines canceled thousands of flights, logistics companies reported delays in package deliveries, and hospitals postponed medical appointments. Delta AirlinesThe company is seeking damages from CrowdStrike and Microsoft, claiming the outage caused it $550 million in losses.
Microsoft plans to meet with CrowdStrike and other security companies on its Redmond, Washington, campus on September 10 to discuss ways to prevent similar issues in the future, a Microsoft executive said in an interview with CNBC, requesting anonymity because he was not authorized to discuss internal company matters publicly.
The executive said attendees at the Windows Endpoint Security Ecosystem Summit will consider the possibility of applications relying more on a part of Windows known as user mode, rather than the more privileged kernel mode.
CrowdStrike Software Checkpoint, Sentinel One Other companies in the endpoint protection market currently rely on kernel mode, and a SentinelOne spokesperson said such access allows the company to “monitor and block malicious behavior and prevent malware from disabling security software.”
User mode applications are isolated so if one application crashes, it doesn’t take down other applications. But if a kernel mode application fails, it can crash all of Windows. On July 19, CrowdStrike released a buggy content configuration update for its Falcon sensor for Windows computers to gather data on new attacks that cause crashes at the operating system level. IT administrators rebooted the PCs that received the update one by one, only to see the PCs display a “Blue Screen of Death” screen.
Microsoft executives said removing kernel access in Windows would only solve a small portion of the potential problems.
apple In recent years limited macOS Kernel Access and the Enterprise Disappointing Prevents developers from using kernel extensions.
Attendees at Microsoft’s Sept. 10 event will also discuss eBPF technology, which checks whether a program can run without causing a system crash, and the adoption of memory-safe programming languages such as Rust, executives said.
Last year Microsoft Donated Donated $1 million to the Rust Foundation, a nonprofit that pays scholarships for people working on the language.
Microsoft is competing with CrowdStrike with its Defender for Endpoint product, and its team will participate like any other cybersecurity company and will not receive preferential treatment, executives said.
“We will share an update on these conversations following the event,” Microsoft corporate vice president Aidan Marcus said in a statement. Blog Post.