Microsoft is developing new security features for Windows to prevent incidents like the infamous CrowdStrike incident from happening again. The tech giant revealed these plans during a security summit held at its Redmond headquarters in Washington earlier this week. This announcement marks a major shift in how security vendors like CrowdStrike will operate within the Windows ecosystem, focussing on changes that allow vendors to function without needing direct access to the Windows kernel.
The July CrowdStrike incident caused widespread disruption when a faulty software update caused the Blue Screen of Death for millions of PCs and servers. CrowdStrike's software operates at the kernel level—the core of the Windows operating system—which allowed the bug to affect such a large number of systems.
Changes to the Windows kernel
The Windows kernel has long been a concern for security vendors. Due to its unrestricted access to system memory and hardware, any vulnerabilities or errors at this level can result in system-wide issues, as seen during the CrowdStrike disaster. Since then, Microsoft has been vocal about improving Windows' resilience, hinting at a future where security vendors operate outside the kernel to prevent such critical failures.
At the summit, Microsoft revealed that it has been collaborating with major players in the cybersecurity world, including CrowdStrike, Broadcom, Sophos, and Trend Micro, to develop a more secure platform. This platform aims to meet security vendors' needs while reducing the risks associated with kernel-level access. David Weston, Microsoft's vice president of enterprise and OS security, stated that partners and customers have asked for additional security tools that function outside kernel mode, alongside best practices for deploying them safely.
The discussion also discussed performance requirements and security vendors' challenges when working outside the kernel. Weston reassured participants that Microsoft is committed to developing a platform that will enhance reliability without compromising security and that the project will be shaped by continuous feedback from partners in the security industry.
Industry feedback and regulatory concerns
While Microsoft has not officially stated that it will completely lock down access to the Windows kernel, its efforts are heading in that direction. The company attempted a similar move with Windows Vista in 2006 but faced significant backlash from security vendors and regulators. This time, however, the response has been more positive. Sophos CEO Joe Levy praised the summit, highlighting the importance of collaborating with industry peers to improve the robustness of Microsoft Windows and the endpoint security ecosystem.
Similarly, Kevin Simzer, chief operating officer at Trend Micro, applauded Microsoft for fostering open discussions. At the same time, Drew Bagley, vice president of privacy and cyber policy at CrowdStrike, expressed appreciation for Microsoft's efforts to collaborate on building a more resilient Windows security platform.
However, only some people in the cybersecurity space are optimistic about these changes. Cloudflare CEO Matthew Prince raised concerns about Microsoft's potential to lock down kernel access only for third-party vendors while retaining privileged access for its own security products. He warned that such a move would not result in a safer world but instead create an unfair playing field. These concerns were voiced on X (formerly Twitter), where Prince called on regulators to pay attention to Microsoft's potential plans.
Called it. Regulators need to be paying attention. A world where only Microsoft can provide effective endpoint security is not a more secure world. pic.twitter.com/PR2AnJwpZi
— Matthew Prince 🌥 (@eastdakota) August 23, 2024
To address these concerns, Microsoft invited government officials from the United States and Europe to attend the summit. The company knows the delicate balance required to develop new security measures while addressing regulatory and competitive concerns. This summit is part of a larger overhaul within Microsoft to improve its cybersecurity strategy after years of high-profile security breaches and criticism. Microsoft employees are now being evaluated based on their contributions to the company's security efforts as part of this shift.
What's next for Microsoft and the security industry?
Microsoft's latest efforts signal a significant shift in how Windows will handle security in the future. While there are still many challenges ahead, the collaboration between Microsoft and top security vendors could lead to a more secure and reliable Windows platform, preventing incidents like the CrowdStrike disaster from happening again.
As discussions continue, all eyes will be on Microsoft's next steps in designing this new security platform, with input from both industry leaders and regulators. Whether or not this will lead to the eventual closure of the Windows kernel remains to be seen. Still, one thing is certain: Microsoft is committed to making Windows more resilient without compromising security.
