Microsoft blames EU's strict rules and regulations for CrowdStrike’s global BSOD menace

Microsoft, in a bid to explain what exactly is wrong with their systems that led to a worldwide epidemic of computer crashes and the much dreaded BSOD or Blue Screen of Death, is pointing fingers at the European Union’s stringent regulations. The outage, which occurred on Friday was one of the largest in recent history, and was triggered by a faulty security update from cybersecurity firm CrowdStrike.

The issue traces back to a 2009 dictat imposed by the European Commission. This agreement prevented Microsoft from implementing security measures that could have blocked the problematic update, claims the Redmond-based tech giant, claims a report by Gizmodo.

According to Microsoft, the constraints of its agreement with EU led to an estimated 8.5 million computers experiencing failures worldwide, as reported by the Wall Street Journal.

The impact of the outage was widespread and severe. Thousands of flights were delayed or cancelled, leaving passengers stranded in airports around the globe. The UK’s National Health Service (NHS) faced significant disruptions, and contactless payment systems were rendered inoperative. 911 emergency services in some states in the US were also forced to shut down. Several stock exchanges around the world, including the London Stock Exchange, were also forced to shut down.

The root of the problem was identified as a defective update for CrowdStrike’s Falcon system, a cybersecurity tool designed to prevent cyberattacks. Falcon has privileged access to a critical component of computers known as the kernel.

Microsoft’s own security tool, Windows Defender, serves as an alternative to CrowdStrike. However, due to the 2009 agreement, Microsoft had to allow multiple security providers to install their software at the kernel level.

This agreement stemmed from longstanding accusations by the European Commission, dating back to the early 2000s, that Microsoft was leveraging its dominant Windows software to gain an unfair advantage over other companies.

In contrast, Apple’s approach in 2020 was to block access to the kernel on its Mac computers, arguing that this move would enhance security and reliability. However, Microsoft stated that it could not implement a similar change due to the EU agreement.

The outage affected up to 8.5 million Windows devices, which Microsoft clarified represents less than 1% of all machines using the software. Despite the seemingly small percentage, the impact was substantial because CrowdStrike’s security solutions are widely used by businesses.

CrowdStrike has acknowledged the issue and reported that a significant number of the affected computers are now back online. The company has apologized for the disruption caused by the faulty update.

Meanwhile, the European Union is continuing its efforts to regulate Big Tech companies under its new Digital Markets Act. This includes measures aimed at forcing Apple to open its iPhone ecosystem to allow alternative app stores and web browsers.

As the fallout from this outage continues, it underscores the delicate balance between regulatory oversight and technological innovation. While the intent behind the EU’s regulations was to ensure fair competition, the unintended consequences have highlighted the complexities involved in managing global cybersecurity and IT infrastructure.