There is no love lost between George Kurtz, the CEO of CrowdStrike, and Microsoft. This antagonism has been well-publicized, particularly in light of recent statements and the ongoing battle for cybersecurity supremacy. However, the latest developments might have given Microsoft a significant upper hand, posing a potentially existential threat to CrowdStrike’s operations on Windows machines.
George Kurtz’s Bold Stand
In his last earnings call, George Kurtz did not hold back his frustrations with Microsoft. “We decided enough is enough,” Kurtz proclaimed. “There’s a widespread crisis of confidence among security and IT teams within the Microsoft customer base.” This public declaration underscores the simmering tension between the two companies, which compete fiercely in the cybersecurity arena. 54 days later, CrowdStrike caused the world’s largest IT outage.
The Code Signing Certificate Dilemma
The recent incident involving CrowdStrike has brought this rivalry to a critical juncture. Microsoft’s ability to revoke CrowdStrike’s code signing certificate—a certificate essential for the operation of CrowdStrike’s software on Windows—now looms as a severe risk to CrowdStrike and to all its customers. This risk is particularly acute because CrowdStrike uses its kernel driver as an interpreter that executes instructions delivered to it as unvalidated content.
CrowdStrike’s approach involves running, inside its kernel driver, material that could reasonably be considered executable code. In its latest attempt to address this, CrowdStrike is trying to define that material as content, unsuccessfully in my opinion. “The argument put forth by CrowdStrike hinges on the semantics of a single word: content. By classifying executable instructions as content, they aim to navigate around the restrictions and policies that govern executable code. This semantic maneuver is not just a play on words; it’s an attempt to fundamentally alter the interpretation of what constitutes executable code.”
If Microsoft determines that CrowdStrike’s practices violate their security guidelines, they have a solid reason to revoke the code signing certificate. This action would render CrowdStrike’s security solutions inoperable on Windows platforms, crippling their effectiveness and shaking customer confidence to the core.
The Path to Mitigation
To mitigate this significant risk, there are two potential avenues of resolution:
1. Microsoft’s Assurance: Microsoft could make a public statement affirming that CrowdStrike’s methods do not violate their rules. Such a statement would reassure businesses and IT teams that there is no imminent threat of certificate revocation.
2. CABForum’s Assurance: The CA/Browser Forum (CABForum), an industry standards group that governs the issuance and management of digital certificates, could validate that CrowdStrike’s practices are within acceptable bounds. This would offer an independent confirmation of compliance, further bolstering confidence among users.
Without these assurances, businesses using CrowdStrike are left to contend with the risk of a sudden service outage if Microsoft decides to pull the plug on their certificate. This looming uncertainty can be detrimental to CrowdStrike’s reputation and operational stability, highlighting the precarious balance of power in this high-stakes game.
The Bigger Picture
This situation encapsulates a broader issue within the cybersecurity and IT landscape. It reflects the profound influence that major players like Microsoft wield over their competitors and the ecosystems that depend on their infrastructure. The power to revoke a code signing certificate is a stark reminder of the underlying dependencies and vulnerabilities that can exist in even the most robust security frameworks.
Conclusion
George Kurtz’s bold stance against Microsoft underscores the competitive and contentious nature of the cybersecurity industry. However, the recent developments have inadvertently placed CrowdStrike in a vulnerable position. The potential revocation of their code signing certificate by Microsoft is a risk that could have catastrophic consequences. To navigate this perilous landscape, CrowdStrike and its customers need clear, unequivocal assurances either from Microsoft or the CABForum. Until such validation is publicly declared, the shadow of operational risk looms large, marking a critical juncture in the ongoing rivalry between these cybersecurity giants.