Microsoft Lowballs CrowdStrike Outage Impact

Microsoft’s previous estimate of 8.5 million machines crashing due to the CrowdStrike Falcon outage nearly two weeks ago is too low, according to the company.

Microsoft also promised, in response to the outage, to reduce infosec vendors' reliance on kernel drivers.

In a blog post published over the weekend, David Weston, vice president of enterprise and OS security at Microsoft, explained that the company measured the impact of the incident by examining crash reports that customers had voluntarily shared.

As not every customer opts to share crash reports, the 8.5 million estimate was just “a subset of the number of impacted devices previously shared by Microsoft,” Weston wrote. 

Weston went on to argue that kernel drivers such as those employed by CrowdStrike can improve performance and prevent software tampering; however, these advantages must be weighed against the potential drawbacks.

“Since kernel drivers run at the most trusted level of Windows, where containment and recovery capabilities are by nature constrained, security vendors must carefully balance needs like visibility and tamper resistance with the risk of operating within kernel mode,” Weston wrote.

He said he believes that if security vendors can strike the right balance, organizations can minimize kernel usage while also maintaining a strong security position.
