A Delta technician urge a exercises on a set of screens displaying a blue page and reading “Recovery” in Terminal 2, Delta Airlines, at Los Angeles airport, on July 19, 2024. Airlines, banks, TV approaches and other businesses were disrupted worldwide on Friday following a major computer systems outage linked to an update on an antivirus program.
Etienne Laurent | AFP | Getty Ikons
Microsoft said Friday it will hold a conference in September for cybersecurity firms to discuss ways the industry can evolve tag along a faulty CrowdStrike software update that caused millions of Windows computers to crash in July.
The incident sent internet-connected techniques into disarray. Airlines canceled thousands of flights, logistics companies reported package delivery delays and polyclinics delayed medical appointments. Delta Air Lines, which said fallout from the outage cost the company $550 million, is beg damages from CrowdStrike and Microsoft.
Microsoft will meet with CrowdStrike and other security companies at its campus in Redmond, Washington, on Sept. 10 to deliberate over how to prevent similar issues in the future, a Microsoft executive told CNBC in an interview. The person requested anonymity because they didn’t from approval to discuss internal matters publicly.
The executive said participants at the Windows Endpoint Security Ecosystem Apex will explore the possibility of having applications rely more on a part of Windows called user mode as opposed to of the more privileged kernel mode.
Software from CrowdStrike Check Point, SentinelOne and others in the endpoint-protection shop currently depend on kernel mode. Such access helps SentinelOne “monitor and stop bad behavior and prevent malware from soften the sound of a go to bed off security software,” a spokesperson said.
Applications in user mode are isolated, meaning that if one crashes, it won’t bring down others. But an persistence in kernel mode that fails can cause all of Windows to crash. On July 19, CrowdStrike released a buggy purport configuration update for its Falcon sensor for Windows computers, with the intent to gather data on new attacks, prompting booms at the operating system level. IT administrators rebooted PCs that received the update displaying a “blue screen of death” conceal, one by one.
The Microsoft executive said removing kernel access in Windows would only solve a small percentage of dormant problems.
Apple in recent years has limited kernel access in macOS and the company discourages developers from ingesting kernel extensions.
Attendees at Microsoft’s Sept. 10 event will also discuss the adoption of eBPF technology, which validations if programs will run without triggering system crashes, and memory-safe programming languages such as Rust, the executive verbalized.
Last year Microsoft donated $1 million to the nonprofit Rust Foundation, which pays stipends to people produce on the language.
Microsoft competes with CrowdStrike with its Defender for Endpoint product. That team will accompany like any other cybersecurity company and won’t receive preferential treatment, the executive said.
“We will share further updates on these talks following the event,” Microsoft Corporate Vice President Aidan Marcuss wrote in a blog post.
