On Friday, Microsoft announced that it would hold a conference for cybersecurity firms in September. It would be aimed at discussing how the industry can evolve.
This comes after millions of computers crashed in the previous month due to a faulty software update from CrowdStrike.
The Incident
Due to the crash, internet-connected systems were thrown into disarray. Airlines cancelled thousands of flights and reported package delivery delays.
Likewise, medical appointments at hospitals also suffered from delays. According to Delta Air Lines, the company had to bear a cost of $550 million due to the outages.
Therefore, the company has filed for damages from both CrowdStrike and Microsoft. On September 10th, Microsoft will conduct a meeting with CrowdStrike and other security firms.
The event will be held at the company’s headquarters in Redmond, Washington, to discuss how similar issues can be prevented in the future.
The details were shared by a Microsoft executive, who spoke on the condition of anonymity, as internal matters cannot be discussed publicly without approval.
The Participants
According to the executive, those who attend the Windows Endpoint Security Ecosystem Summit will discuss the possibility of shifting what applications rely on.
Currently, applications depend on a highly privileged part of Windows called kernel mode. In the future, this reliance may be shifted to user mode.
Kernel mode is used by software from CrowdStrike, SentinelOne, Check Point and other vendors in the endpoint-protection market.
A spokesperson revealed that this kind of access gives SentinelOne the opportunity to track as well as stop bad behavior. In addition, it can also stop malware from turning off security software.
In user mode, applications are isolated from one another. This means that if one application crashes, it will not have an impact on the others.
The Difference
However, an application failure in kernel mode can bring the entire Windows system crashing down.
On July 19th, CrowdStrike rolled out a configuration update that turned out to be buggy. This was aimed at the company’s Falcon sensor for Windows devices.
The intent had been to gather data on new attacks, but the update instead caused the operating system to crash.
When IT administrators rebooted their devices that had gotten the new update, they encountered the infamous ‘blue screen of death’.
The Microsoft executive revealed that removing kernel access in Windows would resolve only a limited number of potential problems.
In recent years, Apple has already taken steps to limit kernel access in macOS. Moreover, the firm also discourages the use of kernel extensions amongst developers.
Those participating in Microsoft’s event on September 10th will also talk about the adoption of eBPF technology. This technology checks whether programs can run without triggering system crashes.
The executive said that they will also focus on memory-safe programming languages like Rust. Microsoft had made a donation of $1 million to the nonprofit Rust Foundation last year.