EU rules blamed for global IT outage: Is Microsoft right?
Microsoft has pointed to European Union (EU) regulations as the cause of the world's largest IT outage. The tech giant claims that a 2009 agreement with the European Commission prevented it from blocking a faulty security update from cybersecurity firm CrowdStrike. This failure led to widespread disruption in travel and healthcare services last Friday, affecting nearly 8.5 million Windows computers and servers worldwide.
Faulty update disrupts travel, healthcare services
The faulty update from CrowdStrike's Falcon system—a cybersecurity solution with privileged access to a computer's kernel—caused affected PCs and servers to enter a recovery boot loop. Affected machines were stuck on the 'Blue Screen of Death.' This led to significant disruptions in various sectors. Flight cancellations occurred due to the outage, contactless payment systems failed, and GP surgeries were unable to schedule appointments. Dubbed the "largest IT outage in history," it could potentially cost more than $1 billion in damages.
Microsoft's EU agreement hinders security changes
Microsoft's 2009 agreement with the European Commission, part of a European competition investigation, required the company to allow multiple security providers to install software at the kernel level. This contrasts with Apple's decision in 2020 to block kernel access on its Mac computers for improved security and reliability. A Microsoft spokesperson stated that due to this EU agreement, they were unable to implement similar changes.
IT outage leads to thousands of flight cancellations
Data from OAG revealed that between Friday and Sunday, 9,650 flights were cancelled due to the IT outage. While many airlines had recovered by Sunday, 2,619 flights were still cancelled with US airline Delta accounting for most of these cancellations. The NHS confirmed that its systems were back online but warned of potential delays as services recover from the widespread disruption caused by the faulty update.
