Microsoft has revised its estimate of the scale of the CrowdStrike software update outage, acknowledging that the initial figure of 8.5 million affected devices may have been a significant underestimate.
The outage, which caused widespread disruptions including grounded flights and major industry interruptions, stemmed from issues related to kernel drivers used in the CrowdStrike update. Microsoft has announced a plan to reduce the dependence on these drivers in future security solutions to mitigate similar issues.
The initial 8.5 million figure was based solely on crash reports from customers, and did not account for devices that did not report issues. As a result, the actual number of affected devices could be much higher.
David Weston, Vice President of Enterprise and OS Security at Microsoft, stressed the need for security vendors to weigh the benefits of kernel drivers against their potential impact on system stability. In a blog post, Weston defended the use of kernel drivers, noting their role in enhancing security and performance while preventing tampering. However, he suggested that security vendors could limit kernel driver use by running only essential sensors in kernel mode.
Weston concluded by emphasizing Windows’ commitment to innovation in security tools, aiming to improve threat detection and response without compromising system stability.
CrowdStrike’s latest update reports that 97% of the affected servers have been restored to operation. The company’s CEO has pledged to address all remaining disruptions.