Microsoft Investigates European Commission’s Role in Recent CrowdStrike Outage

Microsoft is scrutinizing whether European Commission restrictions have inadvertently exacerbated security issues within Windows systems.

According to Microsoft Start, a Microsoft spokesperson highlighted that a pivotal 2009 agreement with the European Commission has constrained the company’s ability to robustly enhance the security of its operating systems. This agreement, which stemmed from a complaint, mandated that Microsoft provide third-party security software developers the same access to Windows as the company itself possesses.

This decision, while aimed at fostering competition, appears to have opened the door to potential disruptions by third-party vendors. The 2009 agreement necessitates that Microsoft share its Application Programming Interfaces (APIs) for Windows Client and Server operating systems with third-party security developers. However, the recent CrowdStrike incident has underscored the inherent risks of such a policy of openness.

Related: Microsoft Reaches Agreement with French Tech Giant OVHcloud to Resolve Antitrust Complaint

In contrast, other tech giants like Apple and Google have adopted more restrictive approaches. Since 2020, Apple has limited developer access to kernel-level operations within its operating systems, a move designed to fortify security. Google, similarly, is not subject to comparable regulations that mandate such extensive third-party access.

Despite the apparent security advantages of restricting OS access, the European Commission is unlikely to reverse its stance and permit Microsoft to impose such restrictions. The EU’s commitment to ensuring competitive practices in the tech industry remains strong. Moreover, Microsoft has been under heightened scrutiny from the Commission, facing significant antitrust cases concerning the integration of Teams within Microsoft 365 and its dominant position in the cloud market.

Source: Microsoft Start