Microsoft to Enhance Windows Resilience After CrowdStrike Update Issue

Highlights

• CrowdStrike’s buggy update impacted 8.5 million PCs due to kernel-level access.
• Microsoft plans to prioritize end-to-end resilience and closer collaboration with security partners.
• Potential improvements include VBS enclaves and Azure Attestation service to reduce reliance on kernel access.
• Balancing system resilience and security vendor needs remains a critical challenge for Microsoft.

Microsoft is addressing the recent CrowdStrike update issue that affected 8.5 million PCs.

The company is now suggesting changes to Windows and hinting at making the operating system more resilient.

This could potentially limit security vendors’ access to the Windows kernel.

The CrowdStrike Problem

CrowdStrike’s recent buggy update caused widespread issues because its software operates at the kernel level – the core of the operating system.

This level of access means errors can cause serious problems, like Blue Screens of Death.

Microsoft’s Response John Cable, vice president of program management for Windows servicing and delivery, stated in a blog post, “This incident shows clearly that Windows must prioritize change and innovation in the area of end-to-end resilience.” He called for closer collaboration with partners to enhance Windows security.

Potential Changes

While not specifying exact improvements, Microsoft hinted at new directions:

1. VBS enclaves feature: This doesn’t require kernel mode drivers for tamper resistance.
2. Azure Attestation service: An example of recent security innovations.

Cable explained, “These examples use modern Zero Trust approaches and show what can be done to encourage development practices that do not rely on kernel access.” He added, “We will continue to develop these capabilities, harden our platform, and do even more to improve the resiliency of the Windows ecosystem, working openly and collaboratively with the broad security community.”

Microsoft attempted to restrict kernel access in Windows Vista in 2006 but faced opposition from security vendors and EU regulators.

In contrast, Apple successfully locked down macOS kernel access in 2020.

Any changes to Windows kernel access will require careful consideration.

Cloudflare CEO Matthew Prince has warned about potential negative effects of Microsoft locking down Windows further.

Microsoft needs to balance improving system resilience with the needs of security vendors who rely on kernel-level access.

The company suggests it’s open to collaboration, but the path forward may involve significant changes to how security software interacts with Windows.

FAQs

What caused the recent issues with CrowdStrike updates?

The recent CrowdStrike update issues were caused by its software operating at the kernel level, leading to widespread problems like Blue Screens of Death.

How is Microsoft responding to the CrowdStrike update issue?

Microsoft is suggesting changes to Windows to enhance end-to-end resilience, potentially limiting security vendors’ access to the Windows kernel and collaborating more closely with partners.

What potential changes is Microsoft hinting at?

Microsoft is hinting at introducing features like VBS enclaves, which don’t require kernel mode drivers for tamper resistance, and leveraging the Azure Attestation service for security improvements.

Why is kernel-level access a concern for Microsoft?

Kernel-level access is a concern because it can cause severe system issues if there are errors in the software, highlighting the need for more resilient and secure operating system practices.

What challenges does Microsoft face in limiting kernel access?

Microsoft needs to balance improving system resilience while considering the needs of security vendors who rely on kernel-level access, ensuring any changes are carefully implemented.

Also Read: Microsoft and CrowdStrike Update: Global IT Outage Triggers Major Disruptions Across Sectors

Also Read: The Great Windows Crash of 2024: CrowdStrike Update Causes Global Chaos