Microsoft, Cyber Firms to Meet on Fixes After CrowdStrike Crash

Microsoft Corp. is planning a meeting next month with cybersecurity companies that operate at the core of its Windows systems to discuss ways in which they can keep last month’s worldwide computer crash from happening again.

Cyber companies — including CrowdStrike Holdings Inc., the firm that rolled out a faulty content update last month that led to widespread outages of Windows systems globally — will meet with Microsoft on Sept. 10 at its headquarters in suburban Seattle, the tech giant said. They are scheduled to discuss best practices on deploying updates on Windows computers and whether security firms should continue to have access to the kernel — or core — of Microsoft’s Windows operating systems.

The CrowdStrike crash, which paralyzed businesses and markets for hours in July, has touched off a fierce debate over whether cyber firms should be allowed to operate at the so-called kernel of Microsoft’s Windows systems at all by highlighting the risks associated with that type of core-level access.

The meeting comes after CrowdStrike in July pushed out a flawed content update that shut down Windows computers around the globe, disrupting air travel, banks and other businesses. Since then, CrowdStrike has announced wide-ranging changes to how it tests and deploys content updates. CrowdStrike is expected to attend the summit, and government representatives will also be invited, according to Microsoft.

“We look forward to bringing our perspective to the discussions with Microsoft and industry and government stakeholders on the need for a more resilient ecosystem,” a CrowdStrike spokesperson said in a statement.

Photo: The Microsoft Corp. Windows Recovery screen displayed at John F. Kennedy International Airport in New York, on July 19. Photographer: Michael Nagle/Bloomberg