Microsoft holding cybersecurity summit in wake of CrowdStrike outage

preview_player
Показать описание
Microsoft is holding a cybersecurity summit Tuesday in the wake of the CrowdStrike software update that caused a global outage in July. Microsoft reportedly plans to address ways the tech industry can improve its security. CBS News cybersecurity contributor Andrew Boyd has more.

Рекомендации по теме
Комментарии
Автор

This wasn't a security issue, rather an untested update to a program running in kernel space. Apple requires programs needing kernel level access to go through a security layer with no programs having unfettered kernel level access.

grunky
Автор

One of the main issues with these security vendors is they’re requiring device drivers for their probes. Out of pressure from the EU, Microsoft had to grant these vendors the ability to write and sign these drivers. By doing so, Crowdstrike was able to bypass Microsoft’s WHQL requirements. So the question is two fold. First, how can we ensure that vendors are releasing secure, tested updates that will meet WHQL standards? Second, will there be a revocation process to quickly and effectively revoke vendor certificates if another 3rd party vendor releases a bad update by MS, thus preventing spread and contagion? Cert revocation is also crucial in the event the vendor CA gets compromised.

epic
Автор

First of all it was not Microsoft fault it was a security company least update freaking every computer

AlfredHolmank
Автор

I'm on universal credit too not by choice 😭

cherylkennedy
Автор

did Boyd serve the military? Didn't appreciate "19 July". He talks like he writes in technical form.

HopelessAutistic
Автор

Microsoft charging people for emails. I don't send many other people send loads to me of which I'll get charged for and I get loads in one day 😢 too many to read never mind delete and I have Autism 😢

cherylkennedy