Microsoft has blamed EU rules for enabling a faulty security update to cause the world’s biggest IT outage.

The software giant said a 2009 agreement with the European Commission meant it was unable to make security changes that would have blocked the CrowdStrike update that triggered widespread travel and healthcare chaos on Friday.

CrowdStrike’s Falcon system, designed to prevent cyber attacks, has privileged access to a key part of a computer known as the kernel. 

This meant that a faulty update last week resulted in millions of Windows computers and servers being unable to load at all, leading to flight cancellations, contactless payments not working and GP surgeries being unable to make appointments.

Microsoft, which offers its own alternative to CrowdStrike known as Windows Defender, agreed in 2009 to allow multiple security providers to install software at the kernel level amid a European competition investigation.

In contrast, Apple blocked access to the kernel on its Mac computers in 2020, which it said would improve security and reliability.

A Microsoft spokesman told the Wall Street Journal that it was unable to make a similar change because of the EU agreement.