Microsoft is scheduled to hold a cybersecurity summit on September 10 at its headquarters in Redmond, Washington, to address issues following a major outage caused by CrowdStrike, as shared in a blog post.
In July, a faulty update from CrowdStrike’s Falcon sensor led to nearly 8.5 million Windows devices crashing, disrupting operations across various sectors, including airlines, banks, and healthcare.
The event, known as the Windows Endpoint Security Ecosystem Summit, will bring together cybersecurity firms, government representatives, and industry stakeholders. Microsoft aims to discuss strategies for preventing similar incidents in the future. One focus of the discussions will be the potential shift from using the privileged kernel mode, which contributed to the July outage, to using user mode, which offers safer isolation of applications.
The July incident caused significant disruptions. Airlines canceled thousands of flights, hospitals delayed medical appointments, and logistics companies reported delivery delays. Delta Air Lines reported losses of over $500 million due to flight cancellations and is seeking damages from both CrowdStrike and Microsoft. The outage has raised concerns about the risks of relying on single vendors for cybersecurity solutions.
CrowdStrike has faced substantial repercussions following the incident, losing about $9 billion in market value. Shareholders have filed lawsuits, alleging that CrowdStrike did not adequately disclose the risks of insufficient software testing that led to the widespread disruption.
Microsoft’s summit will also cover the adoption of technologies like eBPF, which checks software compatibility to prevent system crashes, and memory-safe programming languages such as Rust. Microsoft has previously donated $1 million to the Rust Foundation to support these initiatives.
CrowdStrike, along with other cybersecurity companies like Check Point and SentinelOne, will participate in the summit. Microsoft’s Defender for Endpoint team will also attend but will not receive any special treatment. Microsoft stated that the July incident provided essential lessons for improving cybersecurity practices. Further updates from these discussions will be shared after the event.
