CrowdStrike’s Falcon security software embeds itself as a privileged access component within the operating system. Allowing a third party to embed itself in this way creates the kind of vulnerability that CrowdStrike just unleased.
Logically, it would be best if third parties could not do that – but Microsoft is prohibited by the EU from putting in that limitation:
A Microsoft spokesman said it cannot legally wall off its operating system in the same way Apple does because of an understanding it reached with the European Commission following a complaint. In 2009, Microsoft agreed it would give makers of security software the same level of access to Windows that Microsoft gets.
Blue Screens Everywhere Are Latest Tech Woe for Microsoft – WSJ
The cause of CrowdStrike’s failure was not primarily technical. Instead, it involved organizational, management, cultural and procedural failures that enabled the creation of the errant code, failed to detect the errant code, then distributed the errant code to targets that installed the failed software, automatically, without verification. This was primarily a process failure.
What CrowdStrike did should potentially be a death sentence for CrowdStrike and the company should be shuttered.
