Wall Street Journal: Microsoft says it cannot wall off its OS due to a 2009 deal with the EC to give security software makers the same level of access to Windows that Microsoft gets — Global outage on Windows machines caused by CrowdStrike highlights Microsoft’s security challenges
Then make sure no auto updates without a sysadmin's OK. Not rocket science.
The whole point to Endpoint Protection is to quickly and easily send updates to block currently exploited vulnerabilities to the systems most likely to be affected. Adding a delay for in-house QA testing (and the associated costs) doesn’t make any sense.
I think it’s very unrealistic to expect all sysadmins to spot uninitialized memory access in all software they don’t produce. This calls for independent software testing at scale which is more elaborate than just pushing the responsibility to sysadmins.