Microsoft will host a special cybersecurity event with CrowdStrike next month with plans to discuss how the industry can prevent another massive technical outage like the one that crashed millions of Windows computers in July.
The system crash was caused by CrowdStrike sending out a faulty software update, which shut down millions of internet-connected systems, from hospitals to airports. The incident was estimated to cost Fortune 500 companies more than $5 billion. Delta Airlines, seeking damages from CrowdsStrike and Microsoft, estimated they lost more than $500 million in canceled flights as a result of the outage.
Now CrowdStrike, other cybersecurity firms, and government officials plan to convene in Redmond for the Windows Endpoint Security Ecosystem Summit on September 10 to discuss how to prevent another widespread outage. The shared goal will be to come up with “concrete steps” to protect joint partners’ infrastructure, Microsoft Vice President of Windows and Devices Aidan Marcuss said in a blog post on Friday.
The summit “will lead to next steps in both short- and long-term actions and initiatives to pursue, with improved security and resilience as our collective goal,” Marcuss said.
One of the steps up for discussion, a Microsoft executive told CNBC, could include making software updates from companies like CrowdStrike rely more on Windows user mode rather than “kernel” mode, the highest level of control that provides access to the underlying operating system. But the executive said removing kernel access in Windows could only prevent a limited scope of possible issues.
Though it was a CrowdStrike update that triggered the incident, Microsoft has shared much of the fallout. The summit is a “very good step for Microsoft,” said Forrester cybersecurity analyst Allie Mellen, because it’s an opportunity for the company to reassure other firms and government officials of its commitment to “equitable kernel access” and safe deployment practices.
“This is definitely a very needed summit for Microsoft, especially with key partners,” Mellen said. She’s hoping for transparency about outcomes from the summit, specifically about any changes to how cybersecurity vendors function.
While it’s impossible to say that another huge cyber incident won’t happen again, Mellen said the conversations and levels of validation of controls for third-party software that have come about since July are promising.
“Or, if it does happen again, it will have a much smaller scope of impact than it had during this incident,” Mellen said.
Microsoft declined to comment further but said in the post that more updates will come following the event.
