(Credit: Mondadori Portfolio/Contributor via Getty Images)
Microsoft's legal team has responded to Delta Air Lines' threat of litigation in the wake of the global IT outage last month, where a faulty CrowdStrike update caused millions of Windows computers around the world to suddenly crash, displaying the blue screen of death.
Like CrowdStrike, Microsoft's legal team claims that it made repeated offers of help to Delta in the wake of the outage, but Delta ignored or refused its help. In a letter Microsoft sent to Delta on Tuesday shared by The Verge, Microsoft says its employees reached out to Delta employees every day from July 19—the day of the crash—until July 23. On July 22, a Delta employee rejected Microsoft's offer, stating: "All good."
Microsoft suggests the reason Delta declined and ignored its offers of help was because the IT systems Delta was having the most issues restarting were actually IBM systems not using Windows or Azure. "Our preliminary review suggests that Delta, unlike its competitors, apparently has not modernized its IT infrastructure," Microsoft's counsel says.
Microsoft didn't explain its findings in further detail, so it's currently unclear how exactly the outage might have had a ripple effect on machines not directly running on Windows. CrowdStrike and Microsoft have both previously confirmed that only Windows machines with CrowdStrike's products experienced the simultaneous crash July 19.
Reached for comment, a Delta spokesperson tells PCMag: "Delta has a long track record of investing in safe, reliable and elevated service for our customers and employees. Since 2016, Delta has invested billions of dollars in IT capital expenditures, in addition to the billions spent annually in IT operating costs." Delta did not clarify whether it uses IBM systems, however, and did not speak to the age of its systems.
Microsoft's letter, in which the tech giant says it will "vigorously defend itself" if Delta sues, comes a week after the US airline hired a lawyer to explore potential remediation. Delta CEO Ed Bastian believes the airline has faced $500 million in losses as a result of the IT outage.
Microsoft has spoken repeatedly about the double-edged sword of Windows kernel-level cybersecurity products in the wake of the crash, acknowledging that allowing such access poses huge risk if third-party developers make mistakes. In its letter to Delta, however, Microsoft prides itself on its open platform and reiterated its involvement in vetting developers like CrowdStrike with feedback and sharing best practices.
CrowdStrike has previously admitted that its faulty update managed to pass through multiple rounds of internal testing, but confirmed this again in its own Tuesday update. "This parameter count mismatch evaded multiple layers of build validation and testing, as it was not discovered during the sensor release testing process," CrowdStrike says.
But explanations and apologies aren't enough for some, who faced stress and financial losses of their own due to the CrowdStrike crash. A group of angry US airline passengers filed a lawsuit against CrowdStrike this week, claiming the update that caused the crash was "entirely foreseeable" and alleging negligence, public nuisance, and a violation of California's Unfair Competition Law. CrowdStrike shareholders are also suing the cybersecurity firm because of the crash, alleging that CrowdStrike made "false and misleading" statements about its products.