Microsoft attributes the recent global epidemic of computer crashes, including the notorious Blue Screen of Death (BSOD), to the European Union’s stringent regulations. This widespread outage, which occurred on Friday, was triggered by a faulty security update from cybersecurity firm CrowdStrike.
The problem traces back to a 2009 European Commission directive, which Microsoft claims prevented them from implementing security measures that could have blocked the problematic update. As a result, an estimated 8.5 million computers experienced failures worldwide, according to the Wall Street Journal.
The impact of the outage was severe and widespread, causing thousands of flight delays and cancellations, disruptions in the UK’s National Health Service (NHS), inoperative contactless payment systems, shutdowns of 911 emergency services in some US states, and the closure of several stock exchanges, including the London Stock Exchange.
The root cause was identified as a defective update for CrowdStrike’s Falcon system, a cybersecurity tool with privileged access to a critical computer component known as the kernel. Due to the 2009 EU agreement, Microsoft had to allow multiple security providers to install their software at the kernel level, limiting their ability to block problematic updates.
In contrast, Apple blocked access to the kernel on its Mac computers in 2020 to enhance security and reliability, a change Microsoft couldn’t implement due to the EU agreement.
Despite the significant impact, Microsoft clarified that the affected 8.5 million Windows devices represent less than 1% of all machines using the software. CrowdStrike has acknowledged the issue, reporting that many affected computers are now back online, and has apologized for the disruption.
As the EU continues its regulatory efforts under the new Digital Markets Act, including measures to force Apple to open its iPhone ecosystem, this incident underscores the delicate balance between regulatory oversight and technological innovation. While the EU’s regulations aim to ensure fair competition, the unintended consequences highlight the complexities of managing global cybersecurity and IT infrastructure.
