featured-image

Microsoft is reportedly evaluating the impact of European Commission regulations on the recent CrowdStrike outage, which affected 8.5 million Windows PCs globally. The company suggests that a 2009 agreement with the Commission may have limited its ability to enhance Windows security effectively.

According to the Wall Street Journal, Microsoft’s spokesperson drew attention to an agreement made with the European Commission in 2009. This agreement was reached due to a complaint that forced Microsoft to allow third-party security software developers to have the same level of access to Windows as Microsoft had to itself. 

Microsoft compares its situation to Apple and Google’s freedom

According to the agreement, Microsoft has to give its APIs for both the Windows Client and Server version to third-party developers. This is especially the case given the recent incident in which a CrowdStrike update affected millions of Windows devices. Microsoft had to intervene, providing an auto-fix tool to the users who were affected.

On the other hand, Apple and Google are subject to different legal frameworks. Since 2020, Apple has denied developers access to the kernel, the core of the operating systems, a measure that improves security by reducing the attack surface. Google is not regulated by rules similar to those of the EU, which gives it more control over OS security measures. 

Also Read: NIST annnounces funding opportunity for AI-oriented manufacturing in U.S.

The most recent incident that contributed to this is the CrowdStrike outage, which has heightened Microsoft’s disapproval of the European Commission’s restrictions. According to the company, these regulations limit the company from being able to come up with a more enhanced security system. 

Nevertheless, any effort to limit access to third parties could be challenged by the Commission, given its goal of promoting competition in the software industry. Microsoft was quick to contain the damage by releasing an auto-fix tool for the affected systems in the wake of the outage.

EU scrutinizes Microsoft’s practices

Microsoft is still under scrutiny by the European Commission, and two major antitrust cases are being reviewed at the moment. The current cases include the integration of Microsoft Teams with Microsoft 365 and the anti-monopoly issues related to Microsoft’s cloud services. 

The outage led to massive disruption, with thousands of flights being delayed or canceled, impact on the UK’s National Health Service (NHS), and contactless payment systems going down across the world. Microsoft revealed the extent of the issue, explaining that while affected devices accounted for less than 1% of all Windows-based devices, CrowdStrike’s widespread adoption in the corporate world amplified the issue.