Microsoft plans cybersecurity event in September after CrowdStrike outage

Microsoft said on Friday that it will hold a conference for cybersecurity firms in September to discuss ways the industry can improve after a flawed CrowdStrike software update that caused tens of millions of Windows computers to crash in July.

The incident disrupted internet-connected systems. Airlines canceled thousands of flights, logistics firms reported delays in package deliveries and hospitals postponed doctor's appointments. Delta Air Lines, which announced that the effects of the outage cost the company $550 million, is demanding damages from CrowdStrike and Microsoft.

Microsoft will meet with CrowdStrike and other security firms on Sept. 10 at its Redmond, Washington, campus to discuss how to avoid similar problems in the future, a Microsoft executive said in an interview with CNBC. The person requested anonymity because he was not authorized to discuss internal matters publicly.

The executive said attendees at the Windows Endpoint Security Ecosystem Summit would explore the possibility of having applications rely more heavily on a part of Windows called user mode rather than the more privileged kernel mode.

Software from CrowdStrike, Check Point, SentinelOne and others in the endpoint protection market currently depends on kernel mode. Such access helps SentinelOne “monitor and stop bad behavior and prevent malware from disabling security software,” a spokesperson said.

User-mode applications are isolated, meaning that if one application crashes, it won't cause other applications to crash. However, if a kernel-mode application crashes, it can cause the entire Windows operating system to crash. On July 19, CrowdStrike released a flawed content configuration update for its Falcon sensor for Windows computers with the intent of collecting data on recent attacks that cause OS-level crashes. IT administrators restarted, one after the other, the PCs that received the update and displayed a “Blue Screen of Death.”

The Microsoft executive said removing kernel access in Windows would only solve a small percentage of potential problems.

In recent years, Apple has limited kernel access in macOS, and the company advises developers against using kernel extensions.

According to the executive, participants at the Microsoft event on September 10 may also discuss the introduction of eBPF technology, which tests whether programs can run without system crashes, as well as memory-safe programming languages such as Rust.

Last year, Microsoft donated $1 million to the nonprofit Rust Foundation, which awards grants to people working on the language.

Microsoft competes with CrowdStrike with its Defender for Endpoint product. That team will participate like every other cybersecurity company and won’t receive preferential treatment, the executive said.

“We will provide further updates on these discussions after the event,” Microsoft Corporate Vice President Aidan Marcuss wrote in a blog post.
