Microsoft attributes EU regulations for its inability to secure Windows after the CrowdStrike incident EU Regulations Potentially Contributed to Recent Windows System Issues During CrowdStrike Incident
Microsoft is investigating whether regulations imposed by the European Commission exacerbated problems with Windows systems during the recent CrowdStrike outage. According to reports from The Wall Street Journal (WSJ), Microsoft’s spokesperson highlighted a 2009 agreement with the Commission that may have restricted the company’s ability to enhance the security of its operating systems more robustly.
The agreement was a response to a complaint and required Microsoft to provide third-party security software developers with the same level of access to Windows APIs as the company itself. Last week’s incident underscored the potential risks associated with such open access policies.
In contrast, Apple has been tightening controls over its operating systems since 2020, limiting developers’ access to kernel-level functionalities. Similarly, Google operates without comparable regulatory constraints.
Despite the security advantages of a more locked-down operating system, it is unlikely that the EU will grant Microsoft permission to restrict developer access in light of previous decisions. The European Commission has been closely monitoring Microsoft, with recent attention focusing on antitrust cases related to the bundling of Teams within Microsoft 365 and the company’s dominance in the cloud market.
Microsoft’s frustration with the European Commission comes in the wake of a CrowdStrike update that inadvertently disrupted 8.5 million Windows PCs globally, prompting Microsoft to provide affected users with an auto-fix tool.