Nothing in that wording says that Microsoft can't restrict access to kernel modules, as long as they don't give their own product an exception to that restriction. They had the choice to give Windows APIs that allow to implement such software in a safer way and use them for their own product, but choose not to.
"Microsoft shall ensure on an ongoing basis and in a Timely Manner that the APIs in the Windows Client PC Operating System and the Windows Server Operating System that are called on by Microsoft Security Software Products are documented and available for use by third-party security software products"
Everything is an API. This means they cannot restrict access to the underlying kernel.
> They had the choice to give Windows APIs that allow to implement such software in a safer way
An indirect method would still inevitably have a potential issue. If a third-party vendor made a mistake, it's the third-party vendor's fault - in this case CRWD.
You can create an appropriate API to run the code outside the kernel. Nobody is forcing MS to run everyone's the security code in the kernel, MS choose to (because it's easier). The law is about fairness and equal access for all. Apple and Linux have shown alternatives.
Sure, it's safer if only a single vendor is allowed to do this but it's also unfair.
> that are called on by Microsoft Security Software Products
Nothing says that Microsofts Security Software needs to be implemented in a way that runs in the kernel, which is inherently more vulnerable. Other platforms have APIs for security software to hook into kernel actions without directly running in kernel space (Windows does too, but to my understanding more limited to logging, not intercepting activity, and hence limited in usefulness).
Hence the claim that it was impossible for Microsoft to prevent this is false. That doesn't mean they take all the blame for someone elses mistake, but it still means that they made a choice leading to it: Deciding that security software, whoever made it, running in kernel modules was the way to do it.
