Microsoft Reveals EU Restrictions Prevent Locking Down Windows, Contributing to CrowdStrike's Blue Screen Incident
The fallout from the blue screen crashes caused by cybersecurity firm CrowdStrike continues: the problematic update has been withdrawn, but many affected Windows systems still require manual restoration by IT administrators. As a result, numerous critical industry systems are still not functioning properly.
But what allows security software to cause such catastrophic crashes on Windows? This traces back to a 2009 agreement between Microsoft and the European Union, mandating that Microsoft grant security software developers equal Windows privileges.
As those familiar with security software may know, this means that security software's core drivers, once signed and certified by Microsoft, are installed on Windows with kernel-level access permissions, allowing them to perform highly complex operations.
A Microsoft spokesperson discussed the issue of blue screen crashes and security software's privilege controls in an interview with The Wall Street Journal. Microsoft explained that the company is unable to further lock down the operating system to enhance security due to this agreement.
The agreement with the EU can be viewed on Microsoft's official website, specifying that Microsoft is obligated to open up the Windows APIs used by its security products to third-party security software developers.
Furthermore, the agreement requires Microsoft to document these APIs on the Microsoft Developer Network, allowing security software developers access unless these APIs pose a security risk.
The EU's demand stems from concerns over market competition. While this agreement fosters a fair competitive environment, it also compromises security, as evidenced by the CrowdStrike blue screen incident.
Unlike Windows, the EU has not imposed similar requirements on macOS or ChromeOS. In 2020, Apple informed developers that it would no longer provide kernel-level access permissions, impacting certain Mac software but enhancing system stability and security.
Most Mac users, faced with the complex procedures required to grant kernel-level access to software, are unlikely to do so, which significantly reduces the incidence of software-caused crashes and serious security issues on Macs.