
Microsoft Attributes CrowdStrike Incident to EU Agreement, Launches USB Recovery Tool

In brief: In the aftermath of Friday’s global Windows BSOD, questions arose regarding why CrowdStrike software was granted full Windows kernel access. Microsoft now asserts that a 15-year-old agreement with European regulators restricts its ability to manage the situation, potentially exposing Windows-based enterprise systems to similar failures in the future.

Microsoft has provided additional details about the extent of last week’s global CrowdStrike meltdown and how IT professionals can mitigate the damage. Unfortunately, the company’s ability to prevent future occurrences remains constrained.

While CrowdStrike has resolved the defective patch that caused worldwide business disruptions on Friday, many systems are still being rebooted, and backlogs are being addressed. Microsoft has released a recovery tool equipped with detailed instructions to aid in repairs.

This software can create Windows recovery media or help a PC boot into safe mode. Building the media requires a 64-bit Windows client with at least 8 GB of free space and a USB drive with 1 to 32 GB of storage. The process formats the USB drive to FAT32.

Microsoft reports that the CrowdStrike outage affected 8.5 million devices. Although this figure is less than one percent of all Windows systems, it had a significant impact on the enterprise sector, disrupting air traffic, hospitals, and other essential infrastructure.

Despite the issue originating from CrowdStrike’s software, a Wall Street Journal report suggests that Microsoft is receiving most of the blame, as its notorious BSOD represented the visible crisis to the public. Many affected businesses and users were likely unaware of CrowdStrike prior to July 19.

Experts quickly attributed the problem to the software’s level 0 kernel access in Windows, which enabled the error to impact the operating system’s core layer. By contrast, Apple does not grant third-party developers full kernel access, allowing its OS to avoid the global meltdown.

In response, Microsoft told the WSJ that, under a 2009 agreement with the European Commission, it is legally unable to prevent third-party developers from obtaining full kernel access. A document titled “Microsoft Interoperability Undertaking” on the company’s website states that developers must be afforded the same system access levels as Microsoft.

As long as this agreement remains in place, companies like CrowdStrike must voluntarily avoid accessing the Windows kernel. It’s not unusual for developers to come under scrutiny for invoking kernel-level system access. Hopefully, the CrowdStrike incident will draw more attention to this issue.
