
Microsoft changes Windows in attempt to prevent next CrowdStrike-style catastrophe

27 June 2025 at 16:55

In the summer of 2024, corporate anti-malware provider CrowdStrike pushed a broken update to millions of PCs and servers running some version of Microsoft's Windows software, taking down systems that both companies and consumers relied on for air travel, payments, emergency services, and their morning coffee. It was a huge outage, and it caused days and weeks of pain as the world's permanently beleaguered IT workers brought systems back online, in some cases touching each affected PC individually to remove the bad update and get the systems back up and running.

The outage was ultimately CrowdStrike's fault, and in the aftermath of the incident, the company promised a long list of process improvements to keep a bad update like that from going out again. But because the outage affected Windows systems, Microsoft often had shared and sometimes even top billing in mainstream news coverage—another in a string of security-related embarrassments that prompted CEO Satya Nadella and other executives to promise that the company would refocus its efforts on improving the security of its products.

The CrowdStrike crash was possible partly due to how anti-malware software works in Windows. Security vendors and their AV products generally have access to the Windows kernel, the cornerstone of the operating system that sits between your hardware and most user applications. But most user applications don't have kernel access specifically because a buggy app (or one hijacked by malware) with kernel access can bring the entire system down rather than just affecting the app. The bad CrowdStrike update was bad mostly because it was being loaded so early in Windows' boot process that many systems couldn't check for and download CrowdStrike's fix before they crashed.


© Aurich Lawson / Ars Technica

Microsoft extends free Windows 10 security updates into 2026, with strings attached

24 June 2025 at 19:45

Last fall, Microsoft announced that individuals who wanted to keep using Windows 10 past its official end-of-support date could do so by opting into the company's Extended Security Update (ESU) program at a cost of $30 per PC. That payment would get users a single year of additional security updates. Today, less than four months before that October 14, 2025, cutoff, Microsoft is announcing additional options for people who can't or don't want to pay that fee.

Individuals who want to pay $30 for the additional year of updates will still be able to do so. But Microsoft will also extend a year of additional Windows 10 security updates to any users who opt into Windows Backup, a relatively recent Windows 10 and Windows 11 app that backs up some settings and files using a Microsoft account. Users can also opt into ESU updates by spending 1,000 Microsoft Rewards points, which are handed out for everything from making purchases with your Microsoft account to doing Bing searches.

These offers don't formally extend the end-of-support date for Windows 10. But for users who don't want to move to Windows 11 or who can't do so because their PC doesn't meet the requirements, they do effectively offer an additional year of free updates for the OS that's still installed on a slim majority of the world's Windows PCs, according to Statcounter data.


© Microsoft
