CrowdStrike Windows Patch Disaster The Fault Of … The EU

If you cast your mind back to last Friday you might remember the CrowdStrike-Windows outage that wreaked havoc on Windows machines worldwide.

Airlines couldn’t take off. Hospitals delayed surgery. Trains were late.

As machines were stuck in recovery loops the blame game started even while IT support staff were still crying into their keyboards.

Let’s be real. Microsoft don’t want the heat for this issue and want to blame someone else. They’re blaming the EU as today’s convenient scapegoat.

The Uncool Culprit in The Kernel

Crowdstrike’s Falcon software is designed to keep machines safe from cyber attacks and malware. In practice that means it operates as a kernel module and has access to the operating systems core functions from memory management to device management, and operates much like a device driver.

If somebody *cough CrowdStrike* wrote an empty (well, full of zeros) sys file in their update and did not gracefully handle the error. This led to invalid pointers read from the faulty file, an invalid access and blue screen.

If you’re following this argument, well done you.

If you’re not simply understand this. The EU is not mentioned and is not (arguably) relevant here. So perhaps that is why Microsoft has moved the blame all of the way to Europe.

Scapegoating

In a statement to The Wall Street Journal, Microsoft squarely blamed the European Commission.

It may be true that Microsoft needed to provide kernel access to third-part apps to promote competition and interoperability.

This doesn’t absolve responsibility for making sure that their process protects users. Shifting the responsibility onto the EU, particularly for such a major system failure just isn’t fair.

Sure, there is a delicate balance between security and openness but Microsoft really need, and have to do better. Placing the blame on other entities simply isn’t fair or right.

A Fix?

Microsoft have released a tool to help admins recover machines. At least it’s something more than the Microsofts suggestion that (get this) you should turn the device on and off repeatedly to fix the issue.

I guess that Microsoft are going to blame the EU for that particular suggestion.

Honestly I think that the problem here is the quality of Microsoft’s solutions. The fact they want to blame others for issues says much about their work and the extent that they should be trusted in the marketplace.

Conclusion

Microsoft need to own up to their part in the CrowdStrike disaster. The company is responsible for producing a secure an resiliant operating system. If not, what are they there for? What are they doing?

These are the questions Microsoft need to answer.

Previous
Previous

The Secret Interview Code That Means You’ve Failed

Next
Next

When Developers Dismiss Users