A Delta technician works on a set of screens displaying a blue page and reading “Recovery” at Delta Airlines Terminal 2 at Los Angeles Airport on July 19, 2024. Airlines, banks, TV channels and other businesses were disrupted around the world on Friday after a major outage of computer systems linked to an update to an anti-virus program.
Etienne Laurent | AFP | Getty Images
Microsoft said Friday that it will hold a conference in September for cybersecurity companies to discuss ways the industry can evolve after a flawed CrowdStrike software update caused millions of Windows computers to crash in July.
The incident caused chaos in Internet-connected systems. Airlines canceled thousands of flights, logistics companies reported delays in package deliveries and hospitals delayed medical appointments. Delta Air Lines, which said the fallout from the outage cost the company $550 million, is seeking damages from CrowdStrike and Microsoft.
Microsoft will meet with CrowdStrike and other security firms at its campus in Redmond, Washington, on Sept. 10 to discuss how to prevent similar problems in the future, a Microsoft executive told CNBC in an interview. The person asked to remain anonymous because he was not authorized to discuss internal matters publicly.
The executive said attendees at the Windows Endpoint Security Ecosystem Summit will explore the possibility of apps relying more on a part of Windows called user mode instead of the more privileged kernel mode.
Software by CrowdStrike, Check Point, SentinelOne and others in the endpoint protection market currently depends on kernel functionality. That access helps SentinelOne “monitor and stop bad behavior and prevent malware from disabling security software,” a spokesperson said.
User-mode apps are isolated, meaning that if one crashes, it won’t crash others. But a kernel-mode application that fails can cause all of Windows to crash. On July 19, CrowdStrike released a buggy content configuration update for the Falcon sensor for Windows PCs. The update was intended to collect data on new attacks, but it caused errors at the operating system level. IT admins restarted, one by one, the computers that received the update and showed a “blue screen of death.”
The Microsoft executive said that removing kernel access in Windows would only solve a small percentage of potential problems.
In recent years Apple has limited kernel access in macOS, and the company discourages developers from using kernel extensions.
Attendees at Microsoft’s Sept. 10 event will also discuss the adoption of eBPF technology, which checks whether programs will run without causing system errors, and memory-safe programming languages such as Rust, the executive said.
Last year Microsoft donated $1 million to the nonprofit Rust Foundation, which pays stipends to people working on the language.
Microsoft is competing against CrowdStrike with its Defender for Endpoint product. That group will attend like any other cybersecurity firm and will not receive preferential treatment, the executive said.
“We will share further updates on these conversations after the event,” Microsoft Vice President Aidan Marcuss wrote in a blog post.