Microsoft outage top is in
Crowdstrike isn't Microsoft. While I've got no love for MS, this one wasn't their fault.
Microsoft permitted/certified Crowdstrike to install a device driver in ring 0 of Windows whose behaviour is utterly dependent on data files supplied by Crowdstrike which clearly do not get certified by Microsoft.
That's just asking for trouble. Microsoft are just as much to blame as Crowdstrike.
Apparently Microsoft had to allow it kernel-level access due to EU meddling in 2009...
https://www.tomshardware.com/software/windows/microsofts-eu-agreement-means-it-will-be-hard-to-avoid-crowdstrike-like-calamities-in-the-future
Some good preliminary analysis here:
https://www.youtube.com/watch?v=ZHrayP-Y71Q
Yeah, my understanding was that there was some sort of anti-competitive problem that forces MS to allow access to the kernel. FWIW, this isn't just an MS problem either. Crowdstrike caused similar system crashes on Linux machines a few weeks before the more widespread issue they pushed to Microsoft.
In the MS case, they pushed an update file (which doesn't have to be signed) out to systems that was blank, rather than having the expected data. There was no error handling in the (signed and approved) Crowdstrike driver running in the kernel. (The signing and approval took place with good data files obviously.) This bad data then caused a null pointer exception, and since it is in the kernel level that results in a blue screen. Because Crowdstrike had marked their driver as an essential driver that always has to run in the kernel, there was no way for Windows users to disable Crowdstrike and allow the PC to boot properly without it (other than to run in safe mode, and then delete the bad data file).
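The failure mode described in that post, a kernel component that trusts an unsigned data file and dereferences whatever it finds, is illustrated below with an added example that is not from this thread or from any vendor's driver. The update format (magic value, rule count, fixed-size rules) is hypothetical; the point is that a loader running in ring 0 must validate the blob and fall back to its last good ruleset instead of faulting.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical content-update format, constructed for this example. */
#define UPDATE_MAGIC 0x43535450u   /* arbitrary placeholder tag */
#define RULE_SIZE    8u
#define MAX_RULES    64u

struct update_header {
    uint32_t magic;
    uint32_t rule_count;   /* number of RULE_SIZE-byte rules that follow */
};

enum update_status { UPDATE_OK, UPDATE_EMPTY, UPDATE_BAD_MAGIC,
                     UPDATE_TRUNCATED, UPDATE_TOO_MANY };

/* Unsafe pattern: ignores the length and trusts the file layout. For an empty
 * or zero-filled file the header read and rule pointer are garbage; in kernel
 * mode that dereference is a fatal page fault rather than a handled error. */
uint32_t first_rule_unsafe(const uint8_t *buf)
{
    const uint32_t *rules = (const uint32_t *)(buf + sizeof(struct update_header));
    return rules[0];   /* no NULL, length, magic or count check */
}

/* Hardened loader: every check happens before any data past the header is
 * touched, and any failure leaves the previously loaded ruleset in place. */
enum update_status load_update(const uint8_t *buf, size_t len, uint32_t *rules_out)
{
    struct update_header h;
    if (buf == NULL || len == 0)
        return UPDATE_EMPTY;                 /* the blank-file case */
    if (len < sizeof h)
        return UPDATE_TRUNCATED;
    memcpy(&h, buf, sizeof h);               /* copy out: no unaligned access */
    if (h.magic != UPDATE_MAGIC)
        return UPDATE_BAD_MAGIC;
    if (h.rule_count > MAX_RULES)
        return UPDATE_TOO_MANY;
    if ((len - sizeof h) / RULE_SIZE < h.rule_count)
        return UPDATE_TRUNCATED;             /* count claims more than present */
    *rules_out = h.rule_count;
    return UPDATE_OK;
}

/* Builds a well-formed sample blob (constructed test input); returns its length. */
size_t build_sample_update(uint8_t *out, size_t cap, uint32_t nrules)
{
    struct update_header h = { UPDATE_MAGIC, nrules };
    size_t total = sizeof h + (size_t)nrules * RULE_SIZE;
    if (total > cap) return 0;
    memcpy(out, &h, sizeof h);
    memset(out + sizeof h, 0xAB, total - sizeof h);  /* dummy rule bytes */
    return total;
}
```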
Important to remember that the CEO of Crowdstrike was the CTO overseeing the 2010 widespread computer crashes caused by McAfee antivirus.