Microsoft plans September cybersecurity event to discuss changes after CrowdStrike outage

Microsoft said Friday it will hold a conference in September for cybersecurity firms to discuss ways the industry can evolve following a faulty CrowdStrike software update that caused millions of Windows computers to crash in July.

The incident sent internet-connected systems into disarray. Airlines canceled thousands of flights, logistics companies reported package delivery delays and hospitals delayed medical appointments. Delta Air Lines, which said fallout from the outage cost the company $550 million, is seeking damages from CrowdStrike and Microsoft.

Microsoft will meet with CrowdStrike and other security companies at its campus in Redmond, Washington, on Sept. 10 to discuss how to prevent similar issues in the future, a Microsoft executive told CNBC in an interview. The person requested anonymity because they didn't have approval to discuss internal matters publicly.

The executive said participants at the Windows Endpoint Security Ecosystem Summit will explore the possibility of having applications rely more on a part of Windows called user mode instead of the more privileged kernel mode.

Software from CrowdStrike Check Point, SentinelOne and others in the endpoint-protection market currently depend on kernel mode. Such access helps SentinelOne "monitor and stop bad behavior and prevent malware from turning off security software," a spokesperson said.

Applications in user mode are isolated, meaning that if one crashes, it won't bring down others. But an application in kernel mode that fails can cause all of Windows to crash. On July 19, CrowdStrike released a buggy content configuration update for its Falcon sensor for Windows computers, with the intent to gather data on new attacks, prompting crashes at the operating