Microsoft’s new Windows Resiliency Initiative aims to avoid another CrowdStrike incident

Share via:


The CrowdStrike catastrophe that took down 8.5 million Windows PCs and servers in July has left many of Microsoft’s biggest customers looking for answers to make sure that such an event never happens again. Now, Microsoft has some answers in the form of a new Windows Resiliency Initiative that’s designed to improve Windows security and reliability.

The Windows Resiliency Initiative includes core changes to Windows that will make it easier for Microsoft’s customers to recover Windows-based machines if there’s ever another CrowdStrike-like incident. There are also some new Windows platform improvements to provider stronger controls over what apps and drivers are allowed to run, and to help allow anti-virus processing outside of kernel mode.

Microsoft has developed a new Quick Machine Recovery feature in light of the CrowdStrike incident that will enable IT admins to target fixes at machines remotely even when they’re unable to boot properly. Quick Machine Recovery leverages improvements to the Windows Recovery Environment (Windows RE).

“In a future event, hopefully that never happens, we could push out [an update] from Windows Update to this Recovery Environment that says delete this file for everyone,” explains David Weston, vice president of enterprise and OS security at Microsoft, in an interview with The Verge. “If there’s one central problem that we need to push to a lot of customers, this gives us the ability to do that from Windows RE.”

Weston has talked to hundreds of customers since the Crowdstrike debacle, and they’re all asking for better recovery tools, improved deployment practices from security vendors, and improved resiliency from Windows itself to ensure the events that transpired in July never repeat themselves.

“Every one of them is saying I owe my board a response on how this doesn’t happen again,” says Weston. Microsoft is now requiring that security vendors that are part of the Microsoft Virus Initiative (MVI) take specific steps to improve security and reliability. These steps include better testing and response processes, alongside safe deployment practices for updates to Windows PCs and servers — including gradual rollouts and monitoring and recovery procedures.

Microsoft has also been working with its MVI partners to enable anti-virus processing outside of the kernel. CrowdStrike’s software runs at the kernel level of Windows — the core part of an operating system that has unrestricted access to system memory and hardware. This deep kernel access allowed a faulty update to generate a Blue Screen of Death as soon as affected systems started up.

“We’re developing a framework that [security vendors] want to use and they’re incentivized to use, now it has to be good enough to fill their use case,” explains Weston. Microsoft is now developing this new framework, and a preview of it will be available in private to Windows security partners in July 2025.

“It’s a significant technical challenge to centralize this and meet everyone’s requirements, but we have really experienced people across endpoint detection and the kernel space,” says Weston. At Microsoft’s Windows Endpoint Security Ecosystem Summit in September the company had kernel architects from the Windows team in attendance to talk directly to security vendors like CrowdStrike about moving scanning outside of the kernel.

Ultimately it’s up to Microsoft to secure Windows down further, and to provide a framework that works well for security vendors, too. “We sort of control physics here. We can change the memory manager or the driver framework, and we don’t have to abide by the rules that a third-party developer would,” says Weston. “That’s why I’m bullish on our ability to execute here.”

The administrator improvements coming to Windows 11.
Image: Microsoft

Alongside the resiliency improvements, Windows 11 is also getting administrator protection soon. It’s a new feature that lets users have the security of a standard user, but with the ability to make system changes and even install apps when needed. Administrator protection temporarily grants admin rights for a specific task once a user has authenticated using Windows Hello and then removes them straight after a system change is made or an app is installed. “Windows creates a temporary isolated admin token to get the job done. This temporary token is immediately destroyed once the task is complete, ensuring that admin privileges do not persist,” says Weston.



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Microsoft’s new Windows Resiliency Initiative aims to avoid another CrowdStrike incident


The CrowdStrike catastrophe that took down 8.5 million Windows PCs and servers in July has left many of Microsoft’s biggest customers looking for answers to make sure that such an event never happens again. Now, Microsoft has some answers in the form of a new Windows Resiliency Initiative that’s designed to improve Windows security and reliability.

The Windows Resiliency Initiative includes core changes to Windows that will make it easier for Microsoft’s customers to recover Windows-based machines if there’s ever another CrowdStrike-like incident. There are also some new Windows platform improvements to provider stronger controls over what apps and drivers are allowed to run, and to help allow anti-virus processing outside of kernel mode.

Microsoft has developed a new Quick Machine Recovery feature in light of the CrowdStrike incident that will enable IT admins to target fixes at machines remotely even when they’re unable to boot properly. Quick Machine Recovery leverages improvements to the Windows Recovery Environment (Windows RE).

“In a future event, hopefully that never happens, we could push out [an update] from Windows Update to this Recovery Environment that says delete this file for everyone,” explains David Weston, vice president of enterprise and OS security at Microsoft, in an interview with The Verge. “If there’s one central problem that we need to push to a lot of customers, this gives us the ability to do that from Windows RE.”

Weston has talked to hundreds of customers since the Crowdstrike debacle, and they’re all asking for better recovery tools, improved deployment practices from security vendors, and improved resiliency from Windows itself to ensure the events that transpired in July never repeat themselves.

“Every one of them is saying I owe my board a response on how this doesn’t happen again,” says Weston. Microsoft is now requiring that security vendors that are part of the Microsoft Virus Initiative (MVI) take specific steps to improve security and reliability. These steps include better testing and response processes, alongside safe deployment practices for updates to Windows PCs and servers — including gradual rollouts and monitoring and recovery procedures.

Microsoft has also been working with its MVI partners to enable anti-virus processing outside of the kernel. CrowdStrike’s software runs at the kernel level of Windows — the core part of an operating system that has unrestricted access to system memory and hardware. This deep kernel access allowed a faulty update to generate a Blue Screen of Death as soon as affected systems started up.

“We’re developing a framework that [security vendors] want to use and they’re incentivized to use, now it has to be good enough to fill their use case,” explains Weston. Microsoft is now developing this new framework, and a preview of it will be available in private to Windows security partners in July 2025.

“It’s a significant technical challenge to centralize this and meet everyone’s requirements, but we have really experienced people across endpoint detection and the kernel space,” says Weston. At Microsoft’s Windows Endpoint Security Ecosystem Summit in September the company had kernel architects from the Windows team in attendance to talk directly to security vendors like CrowdStrike about moving scanning outside of the kernel.

Ultimately it’s up to Microsoft to secure Windows down further, and to provide a framework that works well for security vendors, too. “We sort of control physics here. We can change the memory manager or the driver framework, and we don’t have to abide by the rules that a third-party developer would,” says Weston. “That’s why I’m bullish on our ability to execute here.”

The administrator improvements coming to Windows 11.
Image: Microsoft

Alongside the resiliency improvements, Windows 11 is also getting administrator protection soon. It’s a new feature that lets users have the security of a standard user, but with the ability to make system changes and even install apps when needed. Administrator protection temporarily grants admin rights for a specific task once a user has authenticated using Windows Hello and then removes them straight after a system change is made or an app is installed. “Windows creates a temporary isolated admin token to get the job done. This temporary token is immediately destroyed once the task is complete, ensuring that admin privileges do not persist,” says Weston.



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

Indian hair care startup raises $4m series A

Arata plans to use the funds to improve...

Spacecoin XYZ launches first satellite in outer space blockchain...

Spacecoin XYZ has taken its first step in...

These 3 key iOS features are still missing from...

In recent years, iOS and macOS have been...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!