Microsoft is introducing plans to improve Windows security after the CrowdStrike incident in July, which affected 8.5 million PCs and servers. This incident, triggered by a faulty update from CrowdStrike's kernel-level software, caused systems to crash with the infamous Blue Screen of Death (BSOD). In response, Microsoft is working on moving security operations outside the Windows kernel to prevent future disruptions.
The Windows Kernel Access Issue
At the heart of the problem is the Windows kernel, the core part of the operating system that has unrestricted access to system memory and hardware. CrowdStrike's software, which runs at the kernel level, was responsible for the BSOD due to a faulty update, illustrating the risks of allowing third-party security software to operate within such a sensitive part of the OS.
Since then, Microsoft has been under pressure to improve Windows resilience and find a way to prevent third-party software errors from affecting critical system functions.
Microsoft’s New Approach: Security Outside the Kernel
Microsoft hosted a security summit at its headquarters in Redmond, Washington, where it discussed the future of Windows security with key partners, including CrowdStrike, Broadcom, Sophos, and Trend Micro. The company’s goal is to design a platform that enables security vendors to operate outside the Windows kernel, ensuring more reliable and resilient systems.
David Weston, Microsoft's VP of enterprise and OS security, stated that this shift would allow vendors to build secure solutions without needing to interact with the kernel, reducing the risks of critical system failures.
Industry Collaboration and Next Steps
Microsoft is actively collaborating with security vendors to develop this new security platform. The company has engaged in discussions with these vendors about their performance needs and anti-tampering requirements. This new platform is intended to offer enhanced security while maintaining the system's performance and reliability.
While Microsoft has yet to confirm a complete lockdown of the Windows kernel, the discussions suggest that future versions of Windows may limit kernel access, something Microsoft previously attempted with Windows Vista in 2006. This time, however, there is more industry support for the idea, with security vendors like Sophos welcoming the collaboration.
Conclusion: A Step Toward More Reliable Security
Microsoft’s plan to move security vendors out of the Windows kernel is aimed at preventing incidents like the CrowdStrike disaster from happening again. By working closely with security partners, Microsoft hopes to strengthen endpoint security while avoiding the system crashes caused by kernel-level software issues. While the changes are still in development, the industry appears ready for a new approach to Windows security.