Microsoft Is Changing Windows to (Hopefully) Stop Another CrowdStrike
Microsoft is taking steps to increase the security and resilience of the Windows operating system. This follows a major incident involving CrowdStrike software in July that disrupted millions of PCs and servers.
Microsoft recently hosted the Windows Endpoint Security Ecosystem Summit, bringing together security vendors and government officials to discuss ways to improve the overall security landscape. A key takeaway from the summit was the shared responsibility to improve resiliency and transparency around product functionality, updates, and disruption management. Short-term solutions discussed at the summit include the development of shared best practices for Safe Deployment Practices, increased testing of critical components, improved compatibility testing, better information sharing, and tighter incident response coordination. The hope is that these measures will keep an incident like the one months ago from happening again.
Microsoft also outlined plans for longer-term improvements to Windows. The company will build on the security investments already made in Windows 11. Microsoft also intends to provide additional security capabilities outside of kernel mode, which the company said partners and their customers had asked for. This move will help security vendors create available solutions while reducing the risks associated with kernel-level operations. In other words, vendors would get ways to operate without the near-complete freedom that kernel-level access gives.
The summit also addressed the importance of customer actions for improving resiliency, such as implementing business continuity planning, major incident response plans, and regular data backups. While Microsoft is not explicitly stating that it will close off access to the Windows kernel, it is clear that the company is tackling the security risks there. It is creating a security platform that could eventually shift security vendors away from kernel-level operations. This is all meant to prevent another situation like the CrowdStrike issue, though it remains to be seen whether the planned changes will be enough to do that.
Source: Microsoft