July 29, 2024 at 02:39AM
Microsoft acknowledges that its initial estimate of 8.5 million machines affected by CrowdStrike’s software update was likely too low. The incident response blog shared insights into how the impact was measured, stressing the limitations of crash reports. Microsoft outlined plans to reduce dependence on kernel drivers and enhance security in collaboration with the anti-malware ecosystem.
From the meeting notes, I have gathered that Microsoft is acknowledging that the estimate of 8.5 million machines affected by CrowdStrike’s software update was likely too low. They are planning to reduce infosec vendors’ reliance on kernel drivers to mitigate similar issues in the future.
David Weston, the veep for enterprise and OS security, detailed how Microsoft measured the impact of the incident by accessing crash reports from customers, noting that not every Windows customer shares crash reports. This means that the 8.5 million estimate shared by Microsoft was not entirely accurate.
Weston also stressed the need for security vendors to carefully balance the benefits of kernel drivers against potential negative impacts on resilience. He highlighted the importance of minimizing kernel usage while maintaining a robust security posture.
Additionally, Weston mentioned Microsoft’s plans to work with the anti-malware ecosystem to modernize their approach and increase security and reliability, outlining four specific efforts in this direction.
It seems that Microsoft is taking steps to avoid similar incidents in the future, and CrowdStrike should take note of these developments.