Microsoft wasn't directly responsible for the computer bug that caused last weekend's IT crisis, but it didn't take long for the software giant to become the face of the incident.
Large screens in airports, hospitals and train stations all appeared showing the “blue screen of death,” the trademark error screen that appears when Windows computers fail to boot properly.
News reports said there was a “Microsoft outage” worldwide, causing flights to be delayed and ATMs to break down, as staff at the company's Seattle headquarters scrambled to issue instructions to fix the problem.
Microsoft, the world's second most valuable company with a market value of more than $3 trillion (£2.3 trillion), immediately identified the root cause of the fiasco as Texas security firm CrowdStrike.
CrowdStrike had released an update with flawed code for its Falcon cyber defense software that rendered Windows PCs and servers running it unusable. “This was not a Microsoft incident,” Microsoft wrote in an online post over the weekend.
According to the company, the CrowdStrike update affected only 8.5 million Windows computers, less than 1% of the worldwide total.
However, the bug had a disproportionately large impact on Windows computers, and Microsoft's ubiquity among businesses and critical infrastructure providers meant the outage was more widespread than possible.
The company is the largest IT supplier to a large part of the public and private sectors, both in terms of PCs and the back-end servers that run databases and systems.
The outage came amid mounting criticism over the West's reliance on Microsoft for the computer systems that support daily life, from payments to airline tickets to doctor appointments.
“The reason the outage was so widespread is because of how ubiquitous the Windows operating system is across industries. Airlines use it for check-in counters, retail uses it for cash registers and more,” said Jamil Ahmed of IT consulting firm Solace.
Cyber officials have expressed concerns in recent months about the company's reliance on Microsoft, which has faced questions about its own cyber credentials.
The company has faced criticism for a 2020 cyberattack in which Russian state hackers exploited a flaw in software from another company, SolarWinds, and gained access to thousands of corporate networks, including those of the U.S. government. While Microsoft was also a victim, critics said the company knew about the flaw before the hack and failed to sound the alarm.
In the past year, hackers with ties to Russia and China have managed to bypass Microsoft’s defenses and gain access to thousands of U.S. government emails in separate incidents. In the Chinese hack last summer, emails belonging to Gina Raimondo, the U.S. Secretary of Commerce, and Nicholas Burns, the U.S. ambassador to China, were stolen.
According to security researchers, a flaw in the company's Exchange server system was also used by Chinese hackers who obtained data from the Electoral Commission last year.
Pressure on the company reached a fever pitch in April when an official US report into the Chinese email theft accused the company of a “cascade of security failures” and “avoidable mistakes” and said its security culture “needs an overhaul”.
Shortly thereafter, AJ Grotto, former White House cyber policy director, claimed that Microsoft's status as an IT supplier to the U.S. government amounted to a national security problem and the company should be treated as such.
'Fragile systems'
On Friday, Lina Khan, the head of the US Federal Trade Commission, tweeted: “These incidents show how concentration can create vulnerable systems.”
Microsoft itself has promised to do better. It has linked bosses' bonuses to their efforts to promote cybersecurity and promised to make security the company's top priority.
But while Friday’s global IT outage was caused by a CrowdStrike bug, Microsoft has faced questions about how the company’s software could wreak such havoc on Windows machines. CrowdStrike Falcon is installed in the kernel, the highest level of system access, meaning that if something goes wrong, it’s not limited to the software itself but can render the entire computer unusable.
Apple machines, on the other hand, do not allow security software to run at the kernel level, preventing similar cases. While this could be seen as a security hole in Microsoft machines, the company said it was required to grant high-level access to third-party software under a settlement with EU antitrust authorities in 2009.
“It turns out that Windows is configured in such a way that one piece of one piece of buggy code can bring down the whole thing, partly because of that EU decision. You can't realistically expect Microsoft to do anything about it,” says one former cyber official. “But it's a reminder of that huge dependency.”
The EU regulation came in response to concerns that Microsoft had become too dominant in the commercial sector, squeezing out rival antivirus and browser vendors. Now there are concerns that too much critical infrastructure relies on it.
“This event certainly draws public attention to the problem of monoculture,” said Lukasz Olejnik, an independent researcher and consultant in the field of cybersecurity.
“When a specific software gains significant market share and user share, it becomes important and a potential risk point. In this case, because CrowdStrike software was so popular and because Windows is extremely widespread, it leads to clearly visible IT chaos and a breach of availability.”
The weekend’s IT debacle wasn’t universally felt. Russian state media boasted that the country was largely shielded from the outages because it had developed its own alternatives to Microsoft and CrowdStrike under sanctions. The impact in China was also less severe, though this was largely because CrowdStrike was a rarity in the country.
But for hackers lurking in the two countries, Friday’s chaos will not have gone unnoticed. The outage showed how a single point of failure can bring parts of the Western economy to a standstill. Microsoft may not have caused the outage, but our reliance on it means it is a target for those hoping to start the next one.
Broaden your horizons with award-winning British journalism. Try The Telegraph free for 3 months with unlimited access to our award-winning website, exclusive app, money-saving offers and more.
