Microsoft reveals CrowdStrike outage could have a surprising long-term impact on everyday users

On July 27, Microsoft released a detailed security report on the cause of the CrowdStrike crash that triggered one of the biggest IT outages in history. 

Microsoft's report came just a few days after CrowdStrike's post-incident report. Both investigations concluded the same thing: the outage that impacted millions of Windows devices was caused by a bugged driver. 

The CrowdStrike outage was effectively triggered when Channel File 291, a file containing problematic data, incorrectly passed validation by the bugged driver, the "Content Validator," part of CrowdStrike's Content Configuration System.

The problematic data in Channel File 291 triggered an out-of-bounds memory read, which led to the crash. An out-of-bounds memory read occurs when a program tries to read data beyond the end of a buffer. For example, if a program tried to read an array element at an index past the array's last entry, that could cause an out-of-bounds memory read error.

In this case, the error resulted in the infamous Blue Screen of Death (BSOD) Windows operating system crash on July 19, which impacted millions of devices worldwide. 
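
As an added illustration (not code from Microsoft, CrowdStrike, or the original article), the C sketch below shows how a consumer of externally supplied content guards against an out-of-bounds read: the validator and the consumer each check a record's index against the number of inputs actually available. The `rule` layout, the function names and the sample data are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical content record: names which input slot a rule inspects. */
struct rule {
    uint32_t input_index;   /* slot in the caller-supplied input array */
    uint32_t expected;      /* value the slot must hold for a match */
};

/* Constructed sample data: four inputs, one good rule set, one bad one. */
static const uint32_t sample_inputs[4] = {7, 0, 42, 9};
static const struct rule good_rules[] = {{0, 7}, {2, 42}, {3, 1}};
static const struct rule bad_rules[]  = {{0, 7}, {4, 42}}; /* index 4: one past the end */

/* Validator: accept a rule set only if every index fits n_inputs. */
int rules_valid(const struct rule *rules, size_t n_rules, size_t n_inputs)
{
    for (size_t i = 0; i < n_rules; i++)
        if (rules[i].input_index >= n_inputs)
            return 0;
    return 1;
}

/* Consumer: re-checks the bound instead of trusting the validator.
   Returns 1 on match, 0 on no match, -1 if the rule is malformed. */
int rule_matches(const struct rule *r, const uint32_t *inputs, size_t n_inputs)
{
    if (r->input_index >= n_inputs)
        return -1;          /* without this, the read below is out of bounds */
    return inputs[r->input_index] == r->expected;
}

/* Evaluate a rule set: number of matches, or -1 if the set is rejected. */
int evaluate(const struct rule *rules, size_t n_rules,
             const uint32_t *inputs, size_t n_inputs)
{
    int matches = 0;
    if (!rules_valid(rules, n_rules, n_inputs))
        return -1;
    for (size_t i = 0; i < n_rules; i++) {
        int m = rule_matches(&rules[i], inputs, n_inputs);
        if (m < 0) return -1;
        matches += m;
    }
    return matches;
}

int main(void) { return evaluate(bad_rules, 2, sample_inputs, 4) == -1 ? 0 : 1; }
```

Note that `rules_valid(bad_rules, 2, 5)` accepts the bad set: a validator that assumes a different input count than the consumer supplies will pass data the consumer cannot safely read, which is why the consumer repeats the check.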

While the outage has mostly been resolved as of this writing, the results of Microsoft and CrowdStrike's investigations could have a more long-lasting impact on everyday users. The way antivirus and anti-cheat apps work might be changing soon. 

The role of kernel-level access in the CrowdStrike outage

[Figure: A chart provided by Microsoft showing how kernel mode is separate from user mode in the Windows operating system. Image credit: Microsoft]

Part of the underlying cause of the CrowdStrike outage was that CrowdStrike's software requires kernel-level access, like many other antivirus programs. 

Kernel mode is the deepest level of the Windows operating system. It's often used in cybersecurity software since it can scan for malware more deeply, and kernel-level programs are harder for hackers to disable.

By operating on the kernel level, antivirus programs can monitor all the activity on a device to cast the widest net for identifying suspicious activity or files. 

For example, the driver involved in the CrowdStrike outage was a file system filter driver. Drivers of this type are prevalent in antivirus programs and typically monitor new files saved to a device. They can also monitor system behavior, which appears to be the case with the "Content Validator" involved in the CrowdStrike outage.

Unfortunately, the downside of allowing a program to run on such a deep level in the Windows operating system is a higher risk of system crashes if a glitch does slip through. 

Microsoft explains in its incident report, "Since kernel drivers run at the most trusted level of Windows, where containment and recovery capabilities are constrained by nature, security vendors must carefully balance needs like visibility and tamper resistance with the risk of operating within kernel mode."

How the CrowdStrike outage could impact kernel-level apps for security and gaming

Microsoft's full report on the CrowdStrike outage is pretty lengthy, but one of the most important sections is at the end, where Microsoft mentions "reducing the need for kernel drivers to access important security data" moving forward. 

This is important to note since CrowdStrike is far from the only developer to require kernel-level access for its software. Many consumer cybersecurity apps and anti-cheat programs also require this deep access into users' operating systems. 

In recent years, kernel-level anti-cheat software has faced significant controversy in the gaming community. Many gamers see it as a privacy and security risk since hackers could get kernel-level access to their devices if these anti-cheat programs were ever compromised. Hackers have even found ways to bypass kernel-level anti-cheat programs. 

However, game developers seem reluctant to abandon kernel-level anti-cheat programs due to the growing difficulty of stopping cheating in competitive games. 

The CrowdStrike outage may mark a turning point in this issue since it sheds new light on the potential dangers of kernel-level programs. This incident is evidence that gamers may be right to be concerned about the safety of their devices with kernel-level anti-cheat. It also highlights the drawbacks of kernel-level consumer cybersecurity apps. 

We could see some of these apps move away from kernel-level access. Microsoft may begin putting more research and development into finding alternative ways to protect users' devices (and stop gamers from cheating) without needing kernel-level permissions. 

AI could offer one potential solution. For example, developers have suggested using AI "Human Behavior Detection" to spot cheating in competitive gaming. This approach relies on identifying suspicious behavior in-game rather than scanning every file on a user's device for potential cheating software. 

[Video: Saving FPS Games - AI Anti-Cheat (YouTube)]

Could similar AI-powered solutions provide alternatives to kernel-level cybersecurity software? That's unclear, but AI will likely play a major role in Microsoft's research efforts in the aftermath of the CrowdStrike outage. 

The CrowdStrike outage may have been the most high-profile IT issue caused by a kernel-level program, but it's certainly not the first time kernel-level errors have led to BSOD crashes for users. Kernel-level software has benefits, but the risks are clearly significant. Users need an alternative that can keep their Windows devices safe without the risk of critical system crashes. 

Stevie Bonifield
Contributing Writer

Stevie Bonifield is a contributing writer at Laptop Mag specializing in mobile tech, gaming gear, and accessories. Outside of writing, Stevie loves indie games, TTRPGs, and building way too many custom keyboards.
