Microsoft has acknowledged that the initial estimate of 8.5 million devices affected by the recent CrowdStrike software update was likely underestimated.
Following emerging details of the dodgy update that caused widespread outages, grounding flights and disrupting other key industries, Microsoft is pledging to reduce infosec vendors’ reliance on kernel drivers believed to be behind the problem.
While the true scope of the outage has not yet been confirmed, Microsoft’s initial estimates only included crash reports shared by customers, ignoring those who did not report the issue.
Microsoft says more than 8.5 million people affected by CrowdStrike outage
David Weston, Vice President of Enterprise and OS Security at Microsoft, emphasized the importance of infosec vendors weighing the benefits of kernel drivers against the potential impact on system resiliency.
In a blog post discussing the outage and describing Microsoft’s efforts to learn from and respond to the outage, Weston defended Windows’ performance by emphasizing the benefits of kernel drivers in improving security by improving performance and preventing software tampering.
The VP suggested that security vendors could minimize kernel usage by running minimal sensors in kernel mode for data collection and enforcement.
Weston sums it up this way: “As we move forward, Windows continues to innovate and deliver new ways for security tools to detect and respond to emerging threats safely and securely.”
CrowdStrike’s most recent update, issued Thursday, said 97% of affected servers are now back online. The company’s CEO said it would work tirelessly until all disruptions are resolved.
Ny Breaking asked Microsoft how many devices it estimates may have been affected and how many are back online. The company did not immediately respond.