July 20th, 2024

Microsoft's global sprawl under fire from regulators after Windows outage

A global Microsoft Windows outage, caused by a defective update from CrowdStrike, disrupted various sectors worldwide. Regulators urge vendor diversification to reduce reliance on Microsoft, sparking debates on tech monopolies and antitrust enforcement.

Read original articleLink Icon
Microsoft's global sprawl under fire from regulators after Windows outage

A global outage of Microsoft's Windows system caused chaos across various sectors, highlighting the world's heavy reliance on the tech giant. The incident, triggered by a defective update from cybersecurity company CrowdStrike, affected millions of devices worldwide. The outage disrupted services like air travel, healthcare, and public safety, prompting concerns about the risks of such centralized power. Regulators and lawmakers are calling for diversification of vendors to reduce dependency on Microsoft. The incident has reignited debates on tech monopolies and the need for stricter antitrust enforcement. Microsoft's regulatory challenges are mounting globally as it expands into new technologies like artificial intelligence. The company's response to the outage is under scrutiny, with calls for transparency and accountability from government officials. Microsoft's influence in government IT systems and its relationships with policymakers are facing increased scrutiny following the outage. The fallout from the incident is expected to impact Microsoft's standing and relationships in Washington and beyond.

Related

Microsoft outage: Chaos as internet down and flights grounded around the world

Microsoft outage: Chaos as internet down and flights grounded around the world

A global IT outage, possibly linked to Crowdstrike antivirus software, caused chaos worldwide. Windows crashes affected sectors like healthcare and transportation. Crowdstrike's shares dropped. Various services faced disruptions, prompting calls for system modernization.

Microsoft/Crowdstrike outage ground planes, banks and the London Stock Exchange

Microsoft/Crowdstrike outage ground planes, banks and the London Stock Exchange

A cybersecurity program update failure caused global disruptions affecting businesses and services like United Airlines, McDonald’s, and the London Stock Exchange. Microsoft and CrowdStrike faced issues, but the problem was resolved without a cyberattack. CrowdStrike's shares dropped 20%, and Microsoft's fell 2.9%. The incident, involving Windows and security software, is one of the largest IT outages, surpassing past disruptions.

Microsoft has serious questions to answer after the biggest IT outage in history

Microsoft has serious questions to answer after the biggest IT outage in history

The largest IT outage in history stemmed from a faulty software update by CrowdStrike, impacting 70% of Windows computers globally. Mac and Linux systems remained unaffected. Concerns arise over responsibility and prevention measures.

2024 CrowdStrike incident: The largest IT outage in history

2024 CrowdStrike incident: The largest IT outage in history

A faulty update by CrowdStrike led to a global computer outage affecting airlines, banks, hospitals, and government services. Over 3,200 flights were canceled, emphasizing the need for strong cybersecurity.

Microsoft says 8.5M Windows devices were affected by CrowdStrike outage

Microsoft says 8.5M Windows devices were affected by CrowdStrike outage

Microsoft reported that a CrowdStrike outage impacted 8.5 million Windows devices globally, causing disruptions in banking, retail, and transportation. Collaboration with tech giants is ongoing to address cybersecurity risks efficiently.

Link Icon 13 comments
By @amluto - 4 months
I’m not a regulator, but I think the solution may actually be to break up Microsoft.

Right now, there is a product that is critical to the economy: Windows. By “Windows” I mean the OS, its security mechanisms, and its update mechanisms. Changing Windows to a multi-source model seems challenging, to say the least. Right now, though, Windows is not merely single-source, but that single source also makes OneDrive, Office, a not-very-secure cloud offering, ads, AI, etc. Most of the revenue comes from crap layered on top of Windows.

If just the base Windows were split out, then the company behind it could focus on making a secure base. Maybe they could actively mitigate attacks, even from the rest of the layers (e.g. the “AI” recording crap, OneDrive, telemetry, etc). And maybe CrowdStrike would become unnecessary because the Windows company itself could offer adequate endpoint security.

Getting this right would be hard, but having the base OS for much of the world in the hands of Microsoft is not going so well.

By @gruez - 4 months
It seems baffling that Microsoft is getting heat for this. They didn't cause the issue, a third party vendor's software did. Even if you were trying to make an argument of "if we had more diversity it wouldn't be as bad", shouldn't you be focusing on the EDR vendors rather than the OS vendor?
By @jmclnx - 4 months
>In a blog post Saturday, Microsoft estimated that the update affected 8.5 million devices, which amounts to less than 1 percent of computers running Windows

Cute, but the 1% were the systems that matter most, who cares if people could still watch LOL Cat Videos at home.

No one I know who works at a company using a Windows system was unaffected.

Actually wrong, 1 person was fine, he got a brand new PC the day before, but it had no corporate mandated "security items" (per the help desk), so he could work. He was still able to connect to the corporate intranet.

By @jenscow - 4 months
Many in this industry have been saying this for a while now.

"I think that I am familiar with the fact that you are going to ignore this particular problem until it swims up and bites you on the ass."

By @penguin_booze - 4 months
The saving grace is that this situation was salvageable by mortals.

Imagine the world where black box AI systems are deployed, and humanity gets too cozy and complicit with the amenities it offers--too lazy and too convenient to care. Then suddenly, a BSoD-equivalent happens. And nobody knows how to reason with it--or worse, through it; and nobody knows how write a 'hello world' nor to fire up a debugger any more.

By @lambdaone - 4 months
It was inevitable that something like this would happen sooner or later, either through security complacency or sheer bad luck. We were just fortunate it only happened to Windows.
By @xnx - 4 months
Did Crowdstrike PR write this?
By @AlexDragusin - 4 months
> airlines in India handed out handwritten plane tickets https://x.com/akothari/status/1814202068531552666
By @shadowgovt - 4 months
In related news, auto manufacturers under fire after aftermarket modifications to mufflers cause engines to burst into flames.

Seriously, I don't know what Microsoft was supposed to do about this. People bought an operating system from them, then they gave a third party permission to modify the internals of that operating system's configuration, then those modifications broke their installations. Where is the regulatory intervention story regarding how Microsoft's behavior should change here?

By @ApolloFortyNine - 4 months
Do some of these news agencies own Crowdstrike stock? How can you blame Windows here? For simply allowing an application that can crash the OS?

I truly don't understand the angle here, besides ignorance.

By @russellbeattie - 4 months
Microsoft's culpability lies in the fact that their OS is still ridiculously brittle. How it can't seem to manage to be able to automatically roll back changes from something as serious as a kernel change is ludicrous.

It's CrowdStrike's fault that the kernel was faulty. It's Microsoft's fault that it caused a never ending bootloop that needed manual intervention to fix.