Microsoft, in a bid to explain what exactly is wrong with its systems that led to a worldwide epidemic of computer crashes and the much-dreaded BSOD, or Blue Screen of Death, is pointing fingers at the European Union’s stringent regulations. The outage, which occurred on Friday, was one of the largest in recent history and was triggered by a faulty security update from cybersecurity firm CrowdStrike.
The issue traces back to a 2009 dictat imposed by the European Commission. This agreement prevented Microsoft from implementing security measures that could have blocked the Redmond-based tech giant’s problematic update, as Gizmodo reported.
According to Microsoft, the constraints of its agreement with the EU led to an estimated 8.5 million computers experiencing failures worldwide, as the Wall Street Journal reported.
The impact of the outage was widespread and severe. Thousands of flights were delayed or canceled, leaving passengers stranded in airports around the globe. The UK’s National Health Service (NHS) faced significant disruptions, and contactless payment systems were rendered inoperative. Nine hundred-eleven emergency services in some states in the US were also forced to shut down. Several stock exchanges worldwide, including the London Stock Exchange, were also forced to shut down.
The root of the problem was identified as a defective update for CrowdStrike’s Falcon system, a cybersecurity tool designed to prevent cyberattacks. Falcon has privileged access to the kernel, a critical component of computers.
Microsoft’s security tool, Windows Defender, is an alternative to CrowdStrike. However, due to the 2009 agreement, Microsoft had to allow multiple security providers to install their software at the kernel level.
This agreement stemmed from the European Commission’s longstanding accusations, dating back to the early 2000s that Microsoft was leveraging its dominant Windows software to gain an unfair advantage over other companies.
In contrast, Apple’s approach in 2020 was to block access to the kernel on its Mac computers, arguing that this move would enhance security and reliability. However, Microsoft stated it could not implement a similar change due to the EU agreement.
The outage affected 8.5 million Windows devices, which Microsoft clarified represents less than 1% of all machines using the software. Despite the seemingly small percentage, the impact was substantial because CrowdStrike’s security solutions are widely used by businesses.
CrowdStrike has acknowledged the issue and reported that many affected computers are now back online. The company has apologized for the disruption caused by the faulty update.
Meanwhile, the European Union continues its efforts to regulate big tech companies under its new Digital Markets Act. This includes measures to force Apple to open its iPhone ecosystem to allow alternative app stores and web browsers.
As the fallout from this outage continues, it underscores the delicate balance between regulatory oversight and technological innovation. While the EU’s regulations aimed to ensure fair competition, the unintended consequences have highlighted the complexities involved in managing global cybersecurity and IT infrastructure.