After CrowdStrike "disaster", Microsoft announces security event schedule

The Windows Recovery screen is displayed at John F. Kennedy International Airport in New York, US on July 19. (Source: Bloomberg)

Security companies — including CrowdStrike, the company that brought the world to its knees with a flawed update — will meet at Microsoft's Windows Endpoint Security Ecosystem Summit on September 10 at the software company's headquarters in Seattle, US.

They will discuss best practices for deploying updates on Windows computers and whether to continue accessing the operating system's kernel.

The CrowdStrike “disaster” that paralyzed a host of organizations in July sparked a debate about whether security companies should be allowed to operate at the Windows kernel, given all the risks associated with privileged access at the kernel level.

According to security firms, that privilege helps their software “monitor and block bad behavior, preventing malware from turning off security software.”

In recent years, Apple has restricted kernel access in macOS and discouraged developers from using kernel extensions.

In the CrowdStrike incident, millions of Windows systems globally crashed for hours on July 19 due to a faulty update, severely affecting airlines, banks and other sectors.

Airlines have canceled thousands of flights, logistics companies have delayed deliveries, and hospitals have canceled appointments. Delta Air Lines claims $550 million in losses and is seeking compensation from Microsoft and CrowdStrike.

CrowdStrike announced broad changes to how it tests and deploys updates. Government officials were also invited to the conference, according to Microsoft.