Microsoft’s earlier estimate that 8.5 million machines crashed in the CrowdStrike Falcon outage nearly two weeks ago was too low, the company now says.
Microsoft also promised, in response to the outage, to reduce security vendors’ reliance on kernel drivers.
In a blog post published over the weekend, David Weston, vice president of enterprise and OS security at Microsoft, explained that the company measured the impact of the incident by analysing crash reports that customers had voluntarily shared.
As not every customer opts to share crash reports, the 8.5 million estimate was just “a subset of the number of impacted devices previously shared by Microsoft,” Weston wrote.
Weston went on to argue that kernel drivers such as those used by CrowdStrike can improve performance and resist software tampering, but that these advantages must be weighed against the downsides of running in kernel mode.
“Since kernel drivers run at the most trusted level of Windows, where containment and recovery capabilities are by nature constrained, security vendors must carefully balance needs like visibility and tamper resistance with the risk of operating within kernel mode,” Weston wrote.
He said he believes that if security vendors can strike the right balance, organizations can minimize kernel usage while also maintaining a strong security position.