Microsoft blames EU rules for its inability to lock down Windows following CrowdStrike incident

Microsoft is reportedly analyzing whether restrictions enforced by the European Commission could be partly responsible for amplifying issues with Windows systems during the recent CrowdStrike outage incident .

The Wall Street Journal (WSJ) notes that in an intriguing point concerning the security of Windows operating systems, Microsoft’s spokesperson pointed out a 2009 agreement with the Commission prevented the company from enhancing the OS's security more rigorously.

The agreement came in response to a complaint, and required Microsoft to offer security software developers the same level of access to Windows as the company itself has.

Microsoft claims European Commission hinders security

The decision, intended to encourage competition, inadvertently allowed third-party vendors to disrupt systems.

The agreement specifies that Microsoft must share its APIs for Windows Client and Server operating systems with third-party security software developers, but last week’s incident highlighted the risks of such openness.

On the flip side, Apple has been restricting developers from kernel-level access to its OSs since 2020. Google is also not bound by similar regulations.

Despite the clear security benefits of an OS lock down, the EU is unlikely to grant Microsoft permission to restrict certain developer access given its previous decision. The Commission has also been keeping a close eye on Microsoft in recent months, with two major antitrust cases relating to the bundling of Teams within Microsoft 365 and the company’s cloud market dominance hitting the headlines.

Microsoft’s dissatisfaction with the European Commission comes days after a CrowdStrike update accidentally broke 8.5 million Windows PCs globally, which prompted Microsoft to intervene by giving affected users access to an auto-fix tool.

TechRadar Pro has offered Microsoft an opportunity to share further context, but the company did not immediately respond.

More from TechRadar Pro

• Check out the best VPNs and best firewalls
• We’ve rounded up a list of the best endpoint security software
• Servers down after CrowdStrike update — How it happened and how to fix