Microsoft calls for Windows changes and resilience after CrowdStrike outage

Share via:


Microsoft is still helping CrowdStrike clean up the mess that kicked off a week ago when 8.5 million PCs went offline due to a buggy CrowdStrike update. Now, the software giant is calling for changes to Windows, and has dropped some subtle hints that it’s prioritizing making Windows more resilient and willing to push security vendors like CrowdStrike to stop accessing the Windows kernel.

While CrowdStrike has blamed a bug in its testing software for its botched update, its software runs at the kernel level — the core part of an operating system that has unrestricted access to system memory and hardware — so if something goes wrong with CrowdStrike’s app then it can take down Windows machines with a Blue Screen of Death.

CrowdStrike’s Falcon software uses a special driver that allows it to run at a lower level than most apps so it can detect threats across a Windows system. Microsoft tried to restrict third parties from accessing the kernel in Windows Vista in 2006, but was met with pushback from cybersecurity vendors and EU regulators. However, Apple was able to lock down its macOS operating system in 2020 so that developers could no longer get access to the kernel.

Now, it looks like Microsoft wants to reopen the conversations around restricting kernel level access inside Windows.

“This incident shows clearly that Windows must prioritize change and innovation in the area of end-to-end resilience,” says John Cable, vice president of program management for Windows servicing and delivery, in a blog post titled “the path forward.” Cable calls for closer cooperation between Microsoft and its partners “who also care deeply about the security of the Windows ecosystem” to make security improvements.

While Microsoft doesn’t detail the exact improvements it will make to Windows in the wake of the CrowdStrike issues, Cable does drop a few clues about which direction Microsoft wants to see things go. Cable calls out a new VBS enclaves feature “that does not require kernel mode drivers to be tamper resistant” and Microsoft’s Azure Attestation service as examples of recent security innovations.

“These examples use modern Zero Trust approaches and show what can be done to encourage development practices that do not rely on kernel access,” says Cable. “We will continue to develop these capabilities, harden our platform, and do even more to improve the resiliency of the Windows ecosystem, working openly and collaboratively with the broad security community.”

These hints might kick off a conversation around Windows kernel access, even if Microsoft claims it can’t wall off its operating system in the same way as Apple due to regulators. Cloudflare CEO Matthew Prince has already warned about the effects of Microsoft locking down Windows further, so Microsoft will need to carefully consider the needs of security vendors if it wants to pursue real change.



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Microsoft calls for Windows changes and resilience after CrowdStrike outage


Microsoft is still helping CrowdStrike clean up the mess that kicked off a week ago when 8.5 million PCs went offline due to a buggy CrowdStrike update. Now, the software giant is calling for changes to Windows, and has dropped some subtle hints that it’s prioritizing making Windows more resilient and willing to push security vendors like CrowdStrike to stop accessing the Windows kernel.

While CrowdStrike has blamed a bug in its testing software for its botched update, its software runs at the kernel level — the core part of an operating system that has unrestricted access to system memory and hardware — so if something goes wrong with CrowdStrike’s app then it can take down Windows machines with a Blue Screen of Death.

CrowdStrike’s Falcon software uses a special driver that allows it to run at a lower level than most apps so it can detect threats across a Windows system. Microsoft tried to restrict third parties from accessing the kernel in Windows Vista in 2006, but was met with pushback from cybersecurity vendors and EU regulators. However, Apple was able to lock down its macOS operating system in 2020 so that developers could no longer get access to the kernel.

Now, it looks like Microsoft wants to reopen the conversations around restricting kernel level access inside Windows.

“This incident shows clearly that Windows must prioritize change and innovation in the area of end-to-end resilience,” says John Cable, vice president of program management for Windows servicing and delivery, in a blog post titled “the path forward.” Cable calls for closer cooperation between Microsoft and its partners “who also care deeply about the security of the Windows ecosystem” to make security improvements.

While Microsoft doesn’t detail the exact improvements it will make to Windows in the wake of the CrowdStrike issues, Cable does drop a few clues about which direction Microsoft wants to see things go. Cable calls out a new VBS enclaves feature “that does not require kernel mode drivers to be tamper resistant” and Microsoft’s Azure Attestation service as examples of recent security innovations.

“These examples use modern Zero Trust approaches and show what can be done to encourage development practices that do not rely on kernel access,” says Cable. “We will continue to develop these capabilities, harden our platform, and do even more to improve the resiliency of the Windows ecosystem, working openly and collaboratively with the broad security community.”

These hints might kick off a conversation around Windows kernel access, even if Microsoft claims it can’t wall off its operating system in the same way as Apple due to regulators. Cloudflare CEO Matthew Prince has already warned about the effects of Microsoft locking down Windows further, so Microsoft will need to carefully consider the needs of security vendors if it wants to pursue real change.



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

Information technology gets its mojo back with big September...

India’s $250 billion outsourcing industry saw a pickup...

Why Singapore is a magnet for New Zealand innovation

The potential for partnerships, collaboration, and growth between...

Why your inbox is still so bad at blocking...

It’s a little-known fact that before emails reach...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!