Anamika Dey, editor
Brief news
- Microsoft will host a conference in September for cybersecurity firms to discuss strategies for industry evolution following the crash of millions of Windows computers due to a defective CrowdStrike software update.
- The conference will focus on investigating the feasibility of relying more on user mode rather than kernel mode in Windows applications to prevent similar incidents in the future.
- Other topics to be discussed include the implementation of eBPF technology and memory-safe programming languages like Rust to enhance system stability and security.
Detailed news
Following the July crash of millions of Windows computers due to a defective CrowdStrike software update, Microsoft announced on Friday that it will host a conference in September for cybersecurity firms to deliberate on potential strategies for industry evolution.
The incident caused widespread disruptions to internet-connected systems. Logistics companies reported delays in parcel delivery, airlines canceled thousands of flights, and hospitals postponed medical appointments. Delta Air Lines, which reported that the disruption resulted in a $550 million loss, is pursuing compensation from Microsoft and CrowdStrike.
In an interview with CNBC, a Microsoft executive disclosed that the company will convene with CrowdStrike and other security companies at its Redmond, Washington, campus on September 10 to deliberate on strategies for averting comparable incidents in the future. The individual requested anonymity due to their lack of authorization to publicly address internal matters.
The executive stated that the Windows Endpoint Security Ecosystem Summit will investigate the feasibility of allowing applications to rely more on a component of Windows known as user mode rather than the more privileged kernel mode.
Kernel mode is currently relied upon by software from CrowdStrike, Check Point, SentinelOne, and other competitors in the endpoint-protection market. A spokesperson stated that SentinelOne is able to “monitor and prevent bad behavior and prevent malware from turning off security software” as a result of this access.
Applications that operate in user mode are isolated, which means that if one fails, it will not affect other applications. However, a kernel mode application that malfunctions can bring down Windows entirely. CrowdStrike released a buggy content configuration update for its Falcon sensor for Windows computers on July 19. The update was intended to collect data on new attacks, but it caused failures at the operating system level. One by one, IT administrators rebooted PCs that had received the update and were displaying a “blue screen of death.”
According to the Microsoft executive, the removal of kernel access in Windows would resolve only a minor proportion of potential issues.
In recent years, Apple has restricted kernel access in macOS and discourages developers from utilizing kernel extensions.
According to the executive, attendees at Microsoft’s event on September 10 will also deliberate on the implementation of eBPF technology, which checks whether programs can run without causing system failures, and memory-safe programming languages like Rust.
In the previous year, Microsoft contributed $1 million to the nonprofit Rust Foundation, which provides stipends to individuals who are engaged in the development of the language.
Microsoft’s Defender for Endpoint product is in direct competition with CrowdStrike. The executive stated that the Defender team will be treated equally with all other cybersecurity companies and will not receive any special treatment.
In a blog post, Microsoft Corporate Vice President Aidan Marcuss stated, “We will provide additional information regarding these discussions in the aftermath of the event.”
Source: CNBC News