Microsoft’s Post

When we talk about the operating system we know a name Microsoft only, all techies are paying to Microsoft for their services and licensees fee. Then why are you using CrowdStrike as scapegoat. Before this issue very few people know about the CroudStike. Can I ask how many people are paying to CroudStick for any patching or updates directly? When Microsoft taking the credit for all the fame than they also need to take the responsibility for failure as well.

How come an integration testing with Microsoft hasn’t happen? Given Microsoft’s customer base. Also Microsoft stating the issue on Crowdstrike doesn’t seem convincing. My sister’s families became a victim and stuck in US. So many chaos. Multiple flight booking and finally loads money stuck with airlines. Unsure on the refund process. Hope this lesson will ensure better policy and partnership management from Microsoft end.

#Failed Again!!!

As we increasingly rely on cloud services for our critical operations, recent events like Microsoft and CrowdStrike's major outage yesterday serve as stark reminders of the vulnerabilities inherent in cloud infrastructure. Yesterday's disruption not only underscored the potential for widespread impact but also highlighted the ripple effects such incidents can have across businesses and individuals alike. The fear of the cloud stems from these moments of vulnerability where a single service disruption can bring down essential tools and services, disrupting workflows, communications, and even financial transactions. While cloud computing offers scalability, flexibility, and accessibility, it also necessitates placing trust in third-party providers whose systems, as we've witnessed, are not infallible.

Over the years, the tech industry has developed numerous technologies, including #AI, #cloud computing, #chatgpt, and #scalable platforms. However, it still struggles to create operating systems that can entirely avoid the Blue Screen of Death (BSOD). During my brief experience with Windows driver development, I noticed that network driver issues often lead to complete system failures. This points to a fundamental flaw in the architecture, flow, and communication design of the OS. Despite the advancements over the years, these issues should have been evolved, redesigned, and fixed. Instead of relying on solutions like CrowdStrike it seems to be a failure on Microsoft’s part for not providing an OS that can effectively isolate issues and prevent system crashes.

System can be rolled back to the previous ‘RESTORE POINT’ if configured before key updates in Windows folders, however accessible only after successful login. Hypothetically, even if Microsoft allow a feature to recover system from last RESTORE POINT at boot time, agents like Falcon, having append/write access to named pipe will cause the OS to go into loop again, causing BSOD. Core issue remains with the named pipes, which is used by OS and further access assigned to Falcon agent to append data. Windows should allow only necessary access to 3rd party agents like Falcon, on its OS named pipes but restrict unnecessary access to avoid conflicts with the OS. Moreover, 3rd party agent can choose an alternative IPC mechanisms that are better suited for append-style communication. For example, message queues might be a more appropriate choice compared to named pipes in this scenario. Urgent changes are required at Windows level to limit access to 3rd party agents on its OS files / processes otherwise it can happen again. Microsoft #CyberSecurity #TechDependence #CyberThreats

The most important thing is for Microsoft to think about how to prevent this from happening again, not just for CrowdStrike but for all third-party apps. If an update for third-party software can cause massive downtime for Windows, it is a serious security vulnerability. At the end of the day, end users are using Windows, and they will blame both CrowdStrike and Microsoft. Should Microsoft consider more thorough testing for updates, a gradual rollout, and perhaps a more robust rollback mechanism? Ensuring the stability and security of the Windows ecosystem is crucial, and learning from this incident is key to maintaining user trust and system reliability.

I understand the problem will be resolved, but I'm curious how this security path slipped by QA. Is there any testing done before deployment to the ultimate customer? I am not sure if this patch was tested on any alpha or beta customer systems before being sent to the entire system? I'm not sure how it passed all of the testing environments, such as unit testing, system integration, quality assurance, security testing, performance testing, chaos testing, regression testing, alpha testing, beta testing, and user acceptance tests.

Team LinkedIn. Clearly this outage and cause and effort to prevent in future matters. Will you pile on? Will you join the noise of criticism and opportunism? Will you be like our various political leaders just pass the blame? I will not. What is amazing is how well the global digital world works most every minute of every hour of every day.Microsoft is part of the reason we have the amazing digital world we live in. Lets learn from this and be positive problem solvers.Lets choose to fix problems …move on …be professional and lead and govern.