Microsoft Plans to Keep the Security Vendors out of the Windows Kernel Following the CrowdStrike Outage

Updated on July 30, 2024

Following the CrowdStrike buggy update last week, which affected 8.5 million PCs and caused a Microsoft global outage, the software giant is gearing up for some big changes.

Microsoft has dropped hints that it’s planning to make Windows more resilient and is considering keeping security vendors like CrowdStrike from accessing the Windows kernel.

Although CrowdStrike has blamed a bug in its testing software for the failed update, its product itself runs at the kernel level. Falcon uses a special kernel-mode driver that lets it operate at the lowest levels of the operating system in order to detect threats across the whole machine.

Because the software had that level of access to the Windows kernel, a fault in CrowdStrike's code was not contained to one application: it brought down the kernel itself and triggered the 'Blue Screen of Death' on affected Windows PCs.

Microsoft tried to restrict third-party access to the kernel in 2006 but met opposition from security vendors and EU regulators. Apple, by contrast, achieved such a restriction in 2020, and Microsoft now appears to be revisiting the matter.

John Cable, vice president of program management for Windows servicing and delivery, said in a blog post: "This incident shows clearly that Windows must prioritize change and innovation in the area of end-to-end resilience."

Cable has asked for cooperation from Microsoft's partners 'who also care deeply about the security of the Windows ecosystem' to improve the security of the platform.

Although it isn't confirmed which improvements the company is going to make, Cable has dropped some clues about possible future changes. He listed examples of recent security innovations, calling out the new VBS enclaves feature "that does not require kernel mode drivers to be tamper-resistant" and Microsoft's Azure Attestation service.

He said, "These examples use modern Zero Trust approaches and show what can be done to encourage development practices that do not rely on kernel access."

However, Cloudflare CEO Matthew Prince has already warned Microsoft about the consequences of cutting off kernel access for security software, so Microsoft may have to reconsider how security vendors fit into its plans.

Akriti Rana

Tech Journalist