Microsoft’s blue screen of death
Microsoft is currently facing a widespread issue with blue screens appearing on their devices, causing frustration for users.
The blue screen of death has been a notorious symbol of technological failure ever since Microsoft’s Windows became the dominant operating system in the 1990s.
On Friday, it appeared simultaneously on countless computers worldwide, showcasing Microsoft’s ongoing dominance in workplaces and the long-standing design decisions that enabled a relatively unknown software company to incapacitate millions of Windows machines. According to some security professionals, Microsoft has not adequately addressed the vulnerability of its software.
According to a blog post by Microsoft on Saturday, approximately 8.5 million Windows machines were affected, which accounts for less than 1% of its global presence. The impact of that number was significant, leading to the disruption of operations for major businesses in various sectors such as healthcare, media, and restaurants.
The impact of the situation persisted in airports on Saturday, with U.S. carriers having to cancel nearly 2,000 flights, a decrease from the 3,400 cancellations on Friday. Delta, responsible for the majority of canceled flights on Saturday, has been making efforts to ensure sufficient crew coverage. They have instructed pilots at hub airports to depart as soon as planes are fully boarded and ready to go, prioritizing safety over the scheduled departure time.
Friday’s outage was the result of a faulty update that was sent to corporate clients by CrowdStrike, one of the many cybersecurity firms that specialize in enhancing the security of Windows. Microsoft has its own competing product, known as Windows Defender.
The CEO of CrowdStrike acknowledged the issue on Friday and assured customers that the company is actively working to resolve the problem and restore operations.
On Friday morning, a significant number of individuals arrived at work only to discover that their PCs were plagued by the notorious blue screen of death. Meanwhile, Macs and Chromebooks remained unaffected and continued to function smoothly. Searches for “Microsoft outage” consistently outranked “CrowdStrike outage” on Google from Friday morning through Saturday morning.
Friday’s incident highlighted a trade-off that is inherent to Windows. Its open design allows developers to create robust software that can seamlessly integrate with the operating system on a profound level. However, when circumstances take a turn for the worse, the consequences can be devastating, as countless individuals experienced on Friday.
According to Amit Yoran, the CEO of cybersecurity firm Tenable, Apple’s closed ecosystem allows for a more balanced approach in terms of upgrades and security practices for applications on the App Store.
Microsoft has faced significant challenges with security issues, with its software often being targeted by criminal groups and state-sponsored actors in Russia and China. Company executives have been summoned to Congress to provide an explanation for the security vulnerabilities of Windows.
Curiously, the matter was brought up by CrowdStrike CEO George Kurtz in a public forum back in January. According to his statement on CNBC, the situation reveals significant failures on the part of Microsoft, which not only jeopardize their customers but also pose a risk to the U.S. government. This comes after Microsoft disclosed a Russian hack of systems utilized by its senior leadership.
Two months later, a report from the Department of Homeland Security’s Cyber Safety Review Board highlighted concerns about Microsoft’s security culture. The report emphasized the need for an overhaul, especially considering the company’s central role in the technology ecosystem.
Microsoft stated that the CrowdStrike crash was not connected to the concerns raised by federal officials regarding the company’s security shortcomings.
Some security professionals have raised concerns about the company’s practices, suggesting that Microsoft’s focus on cloud computing has led to neglect in the development of its more traditional products like Windows, email, and corporate directory services. These products have become prime targets for attacks. According to experts, the lack of attention given to this issue has increased the importance of security software, such as the one offered by CrowdStrike.
“If there is a strong emphasis on security, the existence of these products would either enhance safety or render them unnecessary,” commented Dustin Childs, a cybersecurity expert who previously worked at Microsoft and now leads threat awareness at Trend Micro, a cybersecurity company. Trend Micro is in direct competition with Windows Defender and CrowdStrike.
Pavan Davuluri, Microsoft’s corporate vice president of Windows and devices, highlighted the positive impact of the cloud on software reliability. He emphasized how the live and constantly updating nature of the operating system has contributed to this improvement. However, he mentioned that the company faces distinct challenges in the tech industry due to a diverse customer base, including many who rely on outdated versions of Windows and hardware.
“In Windows, we have a wide range of responsibilities,” Davuluri stated. “It is crucial to align with our customers’ needs, considering the product, its usage, and its life cycle.”
The impact of CrowdStrike’s bug was significant due to the nature of its security software, known as Falcon. Falcon operates at the kernel level of Windows, which is the most critical part of the operating system. Therefore, when an update to Falcon resulted in a crash, it had a cascading effect and disrupted the core functionality of the operating system. That’s when the dreaded blue screen of death made its grand entrance.
Apple informed developers in 2020 that they would no longer have kernel-level access to its MacOS operating system.
According to Patrick Wardle, the CEO of Mac security maker DoubleYou, the recent change caused some difficulties for Apple’s partners. However, it also ensured that Macs would not encounter any blue screen of death-style issues.
“It implied that many third-party developers, including ourselves, had to rewrite our security software,” he explained.
According to a Microsoft spokesman, the company is unable to implement the same level of restriction on its operating system as Apple due to an agreement it made with the European Commission in response to a complaint. In 2009, Microsoft made a commitment to provide security software makers with equal access to Windows, mirroring the level of access that Microsoft itself enjoys.
