Microsoft is building new Windows security features to prevent another CrowdStrike


Microsoft is announcing plans to make changes to Windows that will help CrowdStrike and other security vendors operate outside of the Windows kernel. The announcement stems from a Microsoft-hosted security summit earlier this week at the company’s Redmond, Washington headquarters, where it discussed changes to Windows in the wake of the disastrous CrowdStrike incident in July.

Windows kernel access has been a hot topic ever since the CrowdStrike catastrophe took down 8.5 million Windows PCs and servers. CrowdStrike’s software runs at the kernel level of Windows — the core part of an operating system that has unrestricted access to system memory and hardware. That’s what allowed a faulty update to generate a Blue Screen of Death as soon as affected systems started up.

In the months since, Microsoft has called for changes to Windows to improve resiliency and dropped hints about moving security vendors out of the Windows kernel to prevent this from happening again. But there’s been pressure on Microsoft, from both partners and regulators, to not move unilaterally in making that change.

Microsoft says it has now “discussed the requirements and key challenges in creating a new platform which can meet the needs of security vendors” with partners like CrowdStrike, Broadcom, Sophos, and Trend Micro.

“Both our customers and ecosystem partners have called on Microsoft to provide additional security capabilities outside of kernel mode which, along with safe deployment practices, can be used to create highly available security solutions,” says David Weston, vice president of enterprise and OS security at Microsoft.

Microsoft has discussed performance needs and the challenges for security vendors to operate outside of kernel mode, along with the need for anti-tampering protection for security products and security sensor requirements. “As a next step, Microsoft will continue to design and develop this new platform capability with input and collaboration from ecosystem partners to achieve the goal of enhanced reliability without sacrificing security,” says Weston.

While Microsoft isn’t directly saying it’s going to close off access to the Windows kernel, it’s clearly at the early stages of designing a security platform that can eventually move CrowdStrike and others out of the kernel. Microsoft last tried to close off access to the Windows kernel in Windows Vista in 2006, but it was met with pushback from cybersecurity vendors and regulators.

This time around, security vendors are a lot more open to it. “It was a welcome opportunity to join industry peers in an open discussion of advancements that will serve our customers by elevating the resilience and robustness of both Microsoft Windows and the endpoint security ecosystem,” says Sophos CEO Joe Levy in a statement provided by Microsoft.

“I applaud Microsoft for opening its doors to continue collaborating with leading endpoint security leaders,” says Kevin Simzer, chief operating officer at Trend Micro. Even CrowdStrike, the catalyst for this entire summit, was also appreciative of Microsoft’s efforts. “We appreciated the opportunity to join these important discussions with Microsoft and industry peers on how best to collaborate in building a more resilient and open Windows endpoint security ecosystem that strengthens security for our mutual customers,” says Drew Bagley, vice president of privacy and cyber policy at CrowdStrike.

Not everyone involved in the security world is happy about Microsoft’s potential changes, though. “Regulators need to be paying attention,” said Cloudflare CEO Matthew Prince on X last month, referencing Microsoft’s Windows security summit. “A world where only Microsoft can provide effective endpoint security is not a more secure world.”

Prince says he’s not concerned about Microsoft potentially locking down the Windows kernel, but more that the company could lock it down “for everyone else” while still giving its own offering “privileged access.” Microsoft also invited government officials from the US and Europe to its security summit, because it’s clearly aware of concerns like Prince’s.

The summit comes right in the middle of a broader cybersecurity overhaul inside Microsoft, following years of incidents and criticisms. Microsoft employees are now being judged directly on their security work, with the company tying those efforts to employee performance reviews.
