Microsoft’s Plan to Secure Millions of Windows Machines Post-CrowdStrike

A kernel conundrum.
Michelle Harris
Contributing Writer

In the wake of a significant CrowdStrike update failure that caused widespread system crashes on millions of Windows machines, Microsoft has published a detailed analysis of the incident. This analysis not only confirms CrowdStrike’s findings but also outlines Microsoft’s approach to safeguarding millions of Windows devices moving forward.

CrowdStrike, known for its Falcon software operating at the kernel level, identified the issue as a rare bug in its testing software. This event has opened up a conversation about how best to manage kernel-level access for third-party security tools. David Weston, Microsoft’s Vice President of Enterprise and OS Security, highlights the importance of kernel-mode drivers for security tools and discusses the safety measures Windows provides for third-party solutions like CrowdStrike.

The incident also sparked a discussion about potential changes to Windows’ security architecture. Microsoft hints at future updates that could involve limiting security vendors’ access to the Windows kernel, aiming to enhance system resilience and stability.

With a focus on improving security while balancing performance and tamper resistance, Microsoft’s new measures aim to enhance the overall reliability and resilience of Windows systems.

Why it matters: The ongoing discussions about kernel-level access are pivotal for shaping the future of Windows security. Ensuring system stability while maintaining effective security features involves balancing the needs of both the operating system and third-party vendors. Microsoft’s potential reforms could lead to significant changes in how security tools integrate with Windows, influencing broader cybersecurity practices.

  • CrowdStrike Incident Overview: A faulty update from CrowdStrike led to widespread system crashes, highlighting the risks of kernel-level access in security software. The issue stemmed from an out-of-bounds read memory safety error in the CSagent.sys driver.
  • Microsoft’s Proposed Security Enhancements: In response, Microsoft is considering changes to how kernel access is managed, proposing features like VBS enclaves that operate without kernel-mode drivers. These measures align with modern Zero Trust security principles, aimed at increasing system resilience.
  • Historical Perspective and Comparison: Microsoft’s previous attempts to restrict kernel access with Windows Vista faced resistance, while Apple’s successful lockdown of the macOS kernel sets a precedent. These historical insights inform the current debate on balancing security and functionality.
  • Future Directions: Microsoft acknowledges the importance of collaboration with the security community to enhance the Windows ecosystem’s resilience. The company remains committed to developing new security capabilities and ensuring transparent communication with stakeholders.

Go Deeper -> CrowdStrike—How Microsoft Will Protect 8.5 Million Windows Machines – Forbes.com

Microsoft calls for Windows changes and resilience after CrowdStrike outage – The Verge
