How the West became dangerously dependent on Microsoft

Travel disruption is expected to carry on this week after Friday’s IT meltdown threw airline schedules into disarray – Bav Media

Microsoft was not directly to blame for the computer bug that caused last weekend’s IT meltdown, but it did not take long for the software giant to become the face of the incident.

Huge screens at airports, hospitals and train terminals all flashed up with the “blue screen of death”, the trademark error screen that displays when Windows computers fail to load correctly.

News bulletins carried reports of a worldwide “Microsoft outage” delaying flights and breaking cash machines, while staff at the company’s Seattle headquarters rushed to issue guidance on fixing the issue.

Microsoft, the world’s second most valuable company with a market value of more than $3 trillion (£2.3 trillion), was quick to point at the root cause of the fiasco: the Texas security firm CrowdStrike.

CrowdStrike had issued an update containing faulty code to its Falcon cyber defence software that rendered Windows PCs and servers using it inoperable. “This was not a Microsoft incident,” Microsoft wrote in an online post at the weekend.

The company said CrowdStrike’s update had affected just 8.5m Windows machines, less than 1pc of the global total.

However, the bug disproportionately affected Windows computers, and Microsoft’s ubiquity among businesses and critical infrastructure providers meant the outage was more widespread than it might have been.

The company is the dominant IT provider to much of the public and private sector, both across PCs and the backend servers on which databases and systems run.

Digital boards in Times Square, New York, were taken offline as a result of the widespread outage – Selcuk Acar/Anadolu via Getty Images

The outage came at a time of increased scrutiny of the West’s dependence on Microsoft for the computer systems that underpin daily life, from payments to airline bookings and doctors’ appointments.

“The reason the outage was so widespread is due to how ubiquitous the Windows operating system is across various industries. Airlines use it for check-in desks, retail use it for point-of-sales machines, and more,” says Jamil Ahmed of IT consultancy Solace.

Cyber officials have raised concerns in recent months about dependence on Microsoft, which has faced questions about its own cyber credentials.

The company faced criticism over a cyber attack in 2020 that allowed Russian state-sponsored hackers to exploit a flaw in software from another company, SolarWinds, and gain access to thousands of corporate networks, including that of the US government. While Microsoft was also a victim, critics said it had been aware of the flaw before the hack and failed to raise the alarm.

In the last year, hackers linked to Russia and China have, in separate incidents, managed to bypass Microsoft’s defences to gain access to thousands of US government emails. In the Chinese hack last summer, emails were stolen from Gina Raimondo, the US commerce secretary, and Nicholas Burns, the US ambassador to China.

A flaw in the company’s Exchange server system was also used by Chinese hackers who obtained data from the Electoral Commission last year, security researchers claimed.

Pressure on the company culminated in April when an official US report into the Chinese email theft accused the company of a “cascade of security failures” and “avoidable errors” and said that its security culture “requires an overhaul”.

Soon after, AJ Grotto, a former White House cyber policy director, claimed Microsoft’s status as the US government’s IT provider amounted to a national security issue, and said the company should be treated as such.

‘Fragile systems’

On Friday, Lina Khan, the head of the US Federal Trade Commission, tweeted: “These incidents reveal how concentration can create fragile systems.”

Microsoft itself has pledged to do better. It has tied bosses’ bonuses to their efforts to promote cybersecurity and promised to make security the company’s top priority.

But while last Friday’s global IT outage was caused by a CrowdStrike bug, Microsoft faced questions about how the security firm’s software was able to cause such havoc on Windows machines. CrowdStrike Falcon is installed at the kernel, the highest level of system access, which means that when something goes wrong, the failure is not isolated to the software itself but can make the whole computer unusable.

Apple machines, by contrast, do not allow security software to run at the kernel level, preventing similar cases. While this could be seen as a security flaw in Microsoft machines, the company said it was required to allow third-party software high-level access due to a settlement with EU competition authorities in 2009.

“It turns out Windows is configured in such a way that one piece of buggy code can topple the whole thing, partly because of that EU decision. There’s nothing you could realistically expect Microsoft to have done about it,” says one former cyber official. “But it is a reminder of that sheer dependence.”

That EU settlement came in response to concerns that Microsoft had become too dominant in the commercial sector, squeezing out rival providers of antivirus and browser software. Now, the concerns are that too much critical infrastructure relies on it.

“This event certainly brings public attention to the problem of monoculture,” Lukasz Olejnik, an independent cybersecurity researcher and consultant, says.

“When a specific software gains significant market and user share, it becomes important, and a potential risk point. In this case, since CrowdStrike software was so popular, and since Windows is extremely widespread, it leads to clearly visible IT chaos, and an availability breach.”

Last weekend’s IT fiasco did not affect everywhere equally. Russian state media boasted of the country being largely shielded from the outages, since sanctions mean it has developed its own homegrown alternatives to Microsoft and CrowdStrike. The impact in China was also less severe, although this was largely due to CrowdStrike being a rarity in the country.

But for hackers lurking in the two countries, Friday’s chaos will not have gone unnoticed. The outage demonstrated how a single point of failure can bring parts of Western economies to a standstill. Microsoft may not have caused the outage, but our dependence on it means it is a target for those seeking to start the next one.
