Microsoft has acknowledged its initial estimate of 8.5 million devices affected by the recent CrowdStrike software update was likely too low.
In response to emerging details surrounding the dodgy update that caused a widespread outage, resulting in grounded flights and disruptions to other major industries, Microsoft is pledging to reduce the reliance of infosec vendors on kernel drivers, which were behind the issue.
Although the true scale of the outage remains unconfirmed, Microsoft’s initial estimations only considered crash reports shared by customers, leaving those who didn’t report out of the calculation.
Microsoft says more than 8.5 million were affected by CrowdStrike outage
David Weston, Microsoft’s Vice President for Enterprise and OS Security, emphasized the need for infosec vendors to balance the advantages of kernel drivers against their potential impact on system resilience.
In a blog post exploring the outage and detailing Microsoft’s commitment to learning from and responding to the outage, Weston defended Windows’ performance by highlighting the benefits of kernel drivers in enhancing security by improving performance and preventing software tampering.
The VP suggested that security vendors could minimize kernel usage by running minimal sensors in kernel mode for data collection and enforcement.
Weston summarized: “As we move forward, Windows is continuing to innovate and offer new ways for security tools to detect and respond to emerging threats safely and securely.”
CrowdStrike’s most recent update, issued on Thursday, states that 97% of the affected servers are now back online. The company’s CEO stated that it would work tirelessly until all disruptions are remediated.
TechRadar Pro has asked Microsoft how many devices it estimates may have been affected, and how many are back online. The company did not immediately respond.