Microsoft Calls for Windows Kernel Access Restrictions Following Major CrowdStrike Outage

Published: Jul 29, 2024

Windows 11 2022 Update


Key Takeaways:

  • Microsoft is considering changes to Windows that would restrict third-party cybersecurity vendors from accessing the Windows kernel following the recent CrowdStrike outage.
  • Microsoft has deployed over 5,000 IT support engineers to mitigate the issue for affected customers.
  • Microsoft emphasizes the need for close cooperation with partners and the broader security community.

Microsoft has hinted at some important changes to Windows aimed at preventing cybersecurity vendors from accessing the Windows kernel. In response to the recent CrowdStrike update fiasco, the company mobilized over 5,000 IT support engineers to assist affected customers in mitigating the widespread impact.

According to CrowdStrike, the faulty sensor configuration update was released to its Falcon platform on July 19. The update caused a massive IT outage, with millions of Windows systems crashing to the infamous blue screen of death (BSOD). The outage affected TV networks, call centers, healthcare providers, banks, financial systems, and other critical systems worldwide.

What caused the CrowdStrike outage?

CrowdStrike attributed the issue to a bug in its content validation tooling, which failed to properly validate the content update before it was shipped to Falcon. Falcon uses a driver that runs at the kernel level to detect malicious behavior across the Windows operating system. While kernel drivers are used for performance and to prevent tampering with security solutions, a fault in one can crash the whole system, which is why they can also negatively impact the resilience of Windows devices.

Microsoft previously tried to restrict third-party apps from accessing the kernel in Windows Vista back in 2006. However, that decision faced backlash from cybersecurity companies and European Commission regulators. Since then, Microsoft has introduced several security features in Windows 11, including TPM 2.0 protection, Secure Boot, and Virtualization-Based Security (VBS).

Microsoft urges partner collaboration to strengthen Windows security

In a recent blog post, Microsoft reiterated the importance of restricting kernel-level access on Windows machines. The company emphasized that closer cooperation with partners and the community is essential to enhance the resilience of the Windows ecosystem.

“This incident shows clearly that Windows must prioritize change and innovation in the area of end-to-end resilience,” said Microsoft VP John Cable. “These improvements must go hand in hand with ongoing improvements in security and be in close cooperation with our many partners, who also care deeply about the security of the Windows ecosystem.”

Microsoft did not specify the exact security improvements that might be made to Windows. However, the company highlighted the Azure Attestation service and VBS enclaves as examples of recent security innovations that can help keep Windows secure without requiring kernel-level access.

“These examples use modern Zero Trust approaches and show what can be done to encourage development practices that do not rely on kernel access,” Cable added. “We will continue to develop these capabilities, harden our platform, and do even more to improve the resiliency of the Windows ecosystem, working openly and collaboratively with the broad security community.”

Finally, Microsoft has emphasized its ongoing efforts to incorporate Rust into the Windows kernel as part of its Secure Future Initiative (SFI). The company has also pledged to restructure its cybersecurity governance model to enhance its focus on security.

Last week, CrowdStrike announced several improvements to its internal testing and deployment procedures to prevent future large-scale outages. These changes include more thorough testing of updates and a staggered rollout of Rapid Response Content updates, in which an update is first deployed to a smaller group of hosts and only then rolled out more broadly across all Windows systems.
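The staggered rollout described above, as an added illustration that is not CrowdStrike's own code: an update is promoted ring by ring (canary first), and promotion halts automatically when crash telemetry from a ring exceeds a threshold. The ring sizes, the 0.1% crash-rate gate, and the telemetry data are all constructed for this example.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional, Tuple

# Constructed rollout rings: fraction of the fleet each ring covers, smallest first.
RINGS = [("canary", 0.01), ("early", 0.10), ("broad", 1.00)]
# Assumed gate: halt promotion if more than 0.1% of hosts in a ring report a crash.
MAX_CRASH_RATE = 0.001

@dataclass
class RolloutResult:
    deployed: list = field(default_factory=list)   # rings that received the update
    halted_at: Optional[str] = None                # ring where promotion stopped, if any
    reason: str = ""

def run_staged_rollout(update_id: str,
                       telemetry: Callable[[str, str], Tuple[int, int]],
                       rings=RINGS, max_crash_rate=MAX_CRASH_RATE) -> RolloutResult:
    """Promote update_id ring by ring. telemetry(update_id, ring) returns
    (hosts_updated, hosts_crashed) observed after the ring received the update."""
    result = RolloutResult()
    for ring, _fraction in rings:
        hosts, crashes = telemetry(update_id, ring)
        if hosts == 0:
            # No data is not "healthy": refuse to promote blindly.
            result.halted_at, result.reason = ring, "no telemetry received from ring"
            return result
        rate = crashes / hosts
        if rate > max_crash_rate:
            result.halted_at = ring
            result.reason = f"crash rate {rate:.2%} in {ring} exceeds {max_crash_rate:.2%}"
            return result
        result.deployed.append(ring)
    return result

# Constructed telemetry: one healthy update and one that crashes most canary hosts.
FAKE_TELEMETRY = {
    ("update-good", "canary"): (1_000, 0),
    ("update-good", "early"): (10_000, 3),
    ("update-good", "broad"): (100_000, 20),
    ("update-bad", "canary"): (1_000, 950),
}

def fake_telemetry(update_id: str, ring: str) -> Tuple[int, int]:
    return FAKE_TELEMETRY.get((update_id, ring), (0, 0))

if __name__ == "__main__":
    for uid in ("update-good", "update-bad"):
        r = run_staged_rollout(uid, fake_telemetry)
        print(uid, "deployed to", r.deployed, "halted at", r.halted_at, r.reason)
```

The bad update never leaves the canary ring, which is the property a staggered rollout is meant to guarantee; a missing-telemetry ring is treated as a halt rather than a pass.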
