Microsoft to make Windows more resilient to CrowdStrike-like incidents
Microsoft on Thursday announced plans to make Windows more resilient to incidents caused by security vendors, such as the global outage caused by CrowdStrike earlier this year, which knocked millions of Windows computers offline for more than a day. At a security summit hosted by the company, the Windows maker said it would help security vendors adapt their solutions to operate outside of kernel mode on Windows. Kernel mode provides a higher level of access to the system along with more advanced functionality.
In a statement issued following the recently concluded Windows Endpoint Security Ecosystem Summit, Microsoft said that there was talk of creating new platform capabilities on Windows that would allow security vendors to offer more features outside of the Windows kernel, which would in turn improve the security of the operating system.
Existing Windows security solutions use software that runs at the Windows kernel level, giving these apps a greater level of access to the system than regular applications. They can also scan other apps that are loaded into memory to catch security threats or modify system files if necessary.
While kernel-level access is advantageous for security vendors, a poorly configured software update can have detrimental effects on systems, such as the update CrowdStrike rolled out in July that led to a massive global outage. To protect customer devices from these incidents, Microsoft should ensure that these security vendors operate outside of the Windows kernel.
During Microsoft’s Security Summit, the company discussed security vendor requirements and key challenges in implementing a more secure Windows environment while allowing those companies to continue to offer security features. These include potential performance issues and challenges outside of kernel mode, sensor requirements and anti-tampering protections, the Windows maker said.
“As a next step, Microsoft will continue to design and develop this new platform capability with input and collaboration from ecosystem partners to achieve the goal of improved reliability without compromising security,” Microsoft said Thursday.