Microsoft working to prevent a new Windows "CrowdStrike incident"

The July “CrowdStrike incident” may be one of the most catastrophic in Windows history. While the issue affected only organizations that rely on CrowdStrike security solutions, it brought operations to a standstill at stores and airports worldwide. Such situations can arise because security vendors have access to the Windows kernel. Now, it seems that Microsoft is working to prevent incidents like the CrowdStrike one in the future.

The Windows outage, which caused chaos in the tech world for days (or weeks, in some cases, in the commercial sector), was not directly Microsoft’s fault. The root cause was the massive rollout of a faulty CrowdStrike update. However, since the problem affected Windows-powered businesses, Microsoft stepped in to help its customers resolve it as quickly as possible. Since then, executives at Microsoft have requested changes so that similar situations do not happen again.

Microsoft and security vendors in talks to prevent another CrowdStrike incident

The company has been talking with Windows security solution providers. The goal is to enable them to implement their software solutions with a lower level of access to the OS kernel. This would help ensure that a faulty update does not cause a massive Windows outage, as well as make it easier to solve similar situations. David Weston, Microsoft’s vice president of enterprise and OS security, said that “both our customers and ecosystem partners have called on Microsoft to provide additional security capabilities outside of kernel mode which, along with safe deployment practices, can be used to create highly available security solutions.”

It won’t be an easy task, but Microsoft is already taking the first steps. Names like Sophos, Trend Micro, and even CrowdStrike are at the discussion table. Many cybersecurity companies developed their solutions with access to the Windows kernel in mind. So, Microsoft would need to offer a platform that makes it easier for them to adapt their solutions to the new limited-access approach of Windows.

Voices for and against an approach with less access to the Windows kernel

Most voices seem to be in favor of the change in progress. Kevin Simzer, Trend Micro’s chief operating officer, said that “Micro applauds Microsoft for opening its doors to continue collaborating with leading endpoint security leaders.” In a similar vein, Joe Levy, the CEO of Sophos, expressed that “it was a welcome opportunity to join industry peers in an open discussion of advancements that will serve our customers by elevating the resilience and robustness of both Microsoft Windows and the endpoint security ecosystem.”

Of course, there are also some voices expressing concern. Matthew Prince, CEO of Cloudflare, believes that the decision on access to the Windows kernel should apply equally to everyone, including Microsoft. That way, Microsoft would not have a competitive advantage in offering its own security solutions with privileged access to key parts of the OS.