Microsoft is building new Windows security features to prevent another CrowdStrike incident

Share via:


Microsoft is announcing plans to make changes to Windows that will help CrowdStrike and other security vendors operate outside of the Windows kernel. The announcement stems from a Microsoft-hosted security summit earlier this week at the company’s Redmond, Washington, headquarters, where it discussed changes to Windows in the wake of the disastrous CrowdStrike incident in July.

Windows kernel access has been a hot topic ever since the CrowdStrike catastrophe took down 8.5 million Windows PCs and servers. CrowdStrike’s software runs at the kernel level of Windows — the core part of an operating system that has unrestricted access to system memory and hardware. That’s what allowed a faulty update to generate a Blue Screen of Death as soon as affected systems started up.

In the months since, Microsoft has called for changes to Windows to improve resiliency and dropped hints about moving security vendors out of the Windows kernel to prevent this from happening again. But there’s been pressure on Microsoft, from both partners and regulators, to not move unilaterally in making that change.

Microsoft says it has now “discussed the requirements and key challenges in creating a new platform which can meet the needs of security vendors” with partners like CrowdStrike, Broadcom, Sophos, and Trend Micro.

“Both our customers and ecosystem partners have called on Microsoft to provide additional security capabilities outside of kernel mode which, along with safe deployment practices, can be used to create highly available security solutions,” says David Weston, vice president of enterprise and OS security at Microsoft.

Microsoft has discussed performance needs and the challenges for security vendors to operate outside of kernel mode, along with the need for anti-tampering protection for security products and security sensor requirements. “As a next step, Microsoft will continue to design and develop this new platform capability with input and collaboration from ecosystem partners to achieve the goal of enhanced reliability without sacrificing security,” says Weston.

While Microsoft isn’t directly saying it’s going to close off access to the Windows kernel, it’s clearly at the early stages of designing a security platform that can eventually move CrowdStrike and others out of the kernel. Microsoft last tried to close off access to the Windows kernel in Windows Vista in 2006, but it was met with pushback from cybersecurity vendors and regulators.

This time around, security vendors are a lot more open to it. “It was a welcome opportunity to join industry peers in an open discussion of advancements that will serve our customers by elevating the resilience and robustness of both Microsoft Windows and the endpoint security ecosystem,” says Sophos CEO Joe Levy in a statement provided by Microsoft.

“I applaud Microsoft for opening its doors to continue collaborating with leading endpoint security leaders,” says Kevin Simzer, chief operating officer at Trend Micro. Even CrowdStrike, the catalyst for this entire summit, was appreciative of Microsoft’s efforts. “We appreciated the opportunity to join these important discussions with Microsoft and industry peers on how best to collaborate in building a more resilient and open Windows endpoint security ecosystem that strengthens security for our mutual customers,” says Drew Bagley, vice president of privacy and cyber policy at CrowdStrike.

Not everyone involved in the security world is happy about Microsoft’s potential changes, though. “Regulators need to be paying attention,” said Cloudflare CEO Matthew Prince on X last month, referencing Microsoft’s Windows security summit. “A world where only Microsoft can provide effective endpoint security is not a more secure world.”

Prince says he’s not concerned about Microsoft potentially locking down the Windows kernel, but more that the company could lock it down “for everyone else” while still giving its own offering “privileged access.” Microsoft also invited government officials from the US and Europe to its security summit because it’s clearly aware of concerns like the ones Prince mentioned.

The summit comes right in the middle of a broader cybersecurity overhaul inside of Microsoft, following years of incidents and criticisms. Microsoft employees are now being judged directly on their security work, with the company tying those efforts to employee performance reviews.



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Microsoft is building new Windows security features to prevent another CrowdStrike incident


Microsoft is announcing plans to make changes to Windows that will help CrowdStrike and other security vendors operate outside of the Windows kernel. The announcement stems from a Microsoft-hosted security summit earlier this week at the company’s Redmond, Washington, headquarters, where it discussed changes to Windows in the wake of the disastrous CrowdStrike incident in July.

Windows kernel access has been a hot topic ever since the CrowdStrike catastrophe took down 8.5 million Windows PCs and servers. CrowdStrike’s software runs at the kernel level of Windows — the core part of an operating system that has unrestricted access to system memory and hardware. That’s what allowed a faulty update to generate a Blue Screen of Death as soon as affected systems started up.

In the months since, Microsoft has called for changes to Windows to improve resiliency and dropped hints about moving security vendors out of the Windows kernel to prevent this from happening again. But there’s been pressure on Microsoft, from both partners and regulators, to not move unilaterally in making that change.

Microsoft says it has now “discussed the requirements and key challenges in creating a new platform which can meet the needs of security vendors” with partners like CrowdStrike, Broadcom, Sophos, and Trend Micro.

“Both our customers and ecosystem partners have called on Microsoft to provide additional security capabilities outside of kernel mode which, along with safe deployment practices, can be used to create highly available security solutions,” says David Weston, vice president of enterprise and OS security at Microsoft.

Microsoft has discussed performance needs and the challenges for security vendors to operate outside of kernel mode, along with the need for anti-tampering protection for security products and security sensor requirements. “As a next step, Microsoft will continue to design and develop this new platform capability with input and collaboration from ecosystem partners to achieve the goal of enhanced reliability without sacrificing security,” says Weston.

While Microsoft isn’t directly saying it’s going to close off access to the Windows kernel, it’s clearly at the early stages of designing a security platform that can eventually move CrowdStrike and others out of the kernel. Microsoft last tried to close off access to the Windows kernel in Windows Vista in 2006, but it was met with pushback from cybersecurity vendors and regulators.

This time around, security vendors are a lot more open to it. “It was a welcome opportunity to join industry peers in an open discussion of advancements that will serve our customers by elevating the resilience and robustness of both Microsoft Windows and the endpoint security ecosystem,” says Sophos CEO Joe Levy in a statement provided by Microsoft.

“I applaud Microsoft for opening its doors to continue collaborating with leading endpoint security leaders,” says Kevin Simzer, chief operating officer at Trend Micro. Even CrowdStrike, the catalyst for this entire summit, was appreciative of Microsoft’s efforts. “We appreciated the opportunity to join these important discussions with Microsoft and industry peers on how best to collaborate in building a more resilient and open Windows endpoint security ecosystem that strengthens security for our mutual customers,” says Drew Bagley, vice president of privacy and cyber policy at CrowdStrike.

Not everyone involved in the security world is happy about Microsoft’s potential changes, though. “Regulators need to be paying attention,” said Cloudflare CEO Matthew Prince on X last month, referencing Microsoft’s Windows security summit. “A world where only Microsoft can provide effective endpoint security is not a more secure world.”

Prince says he’s not concerned about Microsoft potentially locking down the Windows kernel, but more that the company could lock it down “for everyone else” while still giving its own offering “privileged access.” Microsoft also invited government officials from the US and Europe to its security summit because it’s clearly aware of concerns like the ones Prince mentioned.

The summit comes right in the middle of a broader cybersecurity overhaul inside of Microsoft, following years of incidents and criticisms. Microsoft employees are now being judged directly on their security work, with the company tying those efforts to employee performance reviews.



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

Facebook is changing its primary metric to ‘views’

Views will be measured not just on video...

GM’s Cruise to pay $500,000 fine to DOJ, admits...

Cruise, the autonomous vehicle unit of General Motors,...

Matrimony Launches New Platform To Offer Wedding Loans

SUMMARY With WeddingLoan.com, Matrimony will be providing loans in...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!