Government Investigates Korea MS Disability Response Measures… Requests to Identify Cause

There is a duty to immediately notify users… Ministry of Science and ICT investigates whether appropriate response is taken
“Delete problem files in safe mode”… KISA announces emergency response measures

The government has begun to investigate the situation as the information and communication technology (IT) service outage by Microsoft (MS) in the United States has affected domestic airline systems and games. The government also plans to investigate whether MS took appropriate measures.

On the 19th, the Ministry of Science and ICT requested Microsoft Korea to identify the cause of the service outage and the extent of the damage.

According to the Cloud Computing Development and User Protection Act, when a failure occurs, cloud service providers are obligated to immediately inform users of the damage and the cause of the failure.

A Ministry of Science and ICT official explained, “The error occurred when CrowdStrike caused a conflict with Microsoft’s Windows 10 operating system (OS) during the process of updating its security program.”

He continued, “If you use the security solution provided by CrowdStrike on a cloud system that uses Windows 10, an abnormal phenomenon may occur.” He added, “As soon as the incident occurred, MS immediately notified users of the service interruption, and we plan to investigate in accordance with the relevant laws whether appropriate measures were taken in response to the interruption.”

He also added, “We investigated a similar case that occurred at Amazon Web Services in the past, and fines should be imposed in case of violation of the law.”

Currently, domestic game companies such as Pearl Abyss and Ragnarok, as well as three domestic low-cost carriers (LCCs) including Jeju Air, Eastar Jet, and Air Premia, and five foreign airlines including Air Premia are experiencing ticketing system failures at Incheon International Airport.

In addition, individual users using MS’s Windows OS also experienced inconveniences. In online communities, there were reports of a failure where a blue screen appeared on the PC screen and the computer would not reboot.

In relation to this, the Korea Internet & Security Agency (KISA) provided response measures through a security notice.

KISA explained, “An abnormal termination phenomenon has occurred in CrowdStrike’s latest Falcon family passive Windows system.”

The emergency measures announced include ▲deleting problematic files in safe mode, ▲changing the name of the CrowdStrike folder in safe mode, and ▲blocking the CSAgent service using the registry editor.

[서울=뉴시스]