- Microsoft has formed a new Windows Resiliency Initiative to prevent CrowdStrike-style outages in the future.
- The Redmond giant is preparing a new framework to move security vendors out of kernel mode.
- Microsoft is also improving the recovery process so that affected systems can be brought back online quickly, even when they cannot boot.
In July 2024, a faulty update to CrowdStrike's Falcon sensor, whose driver runs in kernel mode, caused Windows systems around the world to crash. Because the driver loads at boot, many machines kept crashing on every restart and could not be repaired from inside Windows. The incident showed the risk of giving third-party security vendors kernel-level access: a bug in a kernel component is not isolated the way a user-mode crash is, so a single bad update can take down every machine that receives it. Microsoft concluded that this needs to change.
Now, Microsoft has formed a new Windows Resiliency Initiative, one goal of which is to move security vendors out of kernel mode. Planned changes to the Windows platform include controls that let users and administrators choose which apps and drivers are allowed to run, and Microsoft says it will help antivirus products do their work outside kernel mode.
Microsoft is also making core changes to Windows so that recovery after a crash is easier. A new Quick Machine Recovery feature will let IT administrators remotely fix systems even when those systems cannot boot; it builds on improvements to the Windows Recovery Environment (WinRE).
According to Microsoft, a targeted fix can be pushed to the Recovery Environment, which then removes the faulty file so the system can boot normally again. Microsoft is also asking security vendors that belong to the Microsoft Virus Initiative (MVI) to take proactive steps to improve the security and reliability of their products on Windows.
For example, vendors should test updates thoroughly before deployment, roll them out gradually in stages rather than to every endpoint at once, and monitor each stage so that a bad update can be halted before it reaches the whole fleet. Microsoft is also developing a framework that lets security vendors perform their scanning outside the kernel. Finally, Microsoft is bringing Administrator Protection to Windows, under which users run with standard privileges by default and administrator rights are granted only temporarily, when an elevation is explicitly approved.
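As an added illustration of the kind of repair the Recovery Environment update described above performs, here is a PowerShell script that, run from a WinRE prompt, finds the offline Windows volume and removes one faulty file from it. This is example code written for this page, not Microsoft's Quick Machine Recovery implementation or CrowdStrike's tooling. The default folder and file pattern are the ones CrowdStrike published for the July 2024 incident (the page itself does not name them), and the `Quarantine` folder is an assumed location chosen for this example.

```powershell
# Added illustration of an offline repair from WinRE: delete one faulty
# file from an unbootable system's Windows volume. Not Microsoft's Quick
# Machine Recovery code and not CrowdStrike's remediation tooling.
# Assumptions: run from a WinRE PowerShell prompt, where WinRE itself is
# booted from X: and the broken installation is visible as another drive
# letter. The defaults below are the folder and file pattern published for
# the July 2024 incident; pass others for a different faulty file.
param(
    [string]$RelativeDir = 'Windows\System32\drivers\CrowdStrike',
    [string]$Pattern     = 'C-00000291*.sys',
    [switch]$WhatIf
)

# Every non-WinRE volume that contains a Windows installation. A BitLocker
# volume that has not been unlocked yet will not show a readable Windows
# folder and therefore will not appear in this list.
function Find-OfflineWindowsVolumes {
    Get-PSDrive -PSProvider FileSystem |
        Where-Object { $_.Name -ne 'X' } |
        Where-Object { Test-Path (Join-Path $_.Root 'Windows\System32\ntoskrnl.exe') } |
        ForEach-Object { $_.Root }
}

# Remove the files matching $Pattern under $RelativeDir on one volume.
# A copy is kept in an assumed Quarantine folder on the same volume so the
# vendor can still inspect the bad artifact. Returns the paths removed.
function Remove-FaultyDriverFile {
    param(
        [string]$Root,
        [string]$RelativeDir,
        [string]$Pattern,
        [switch]$WhatIf
    )
    $dir = Join-Path $Root $RelativeDir
    if (-not (Test-Path $dir)) { return @() }

    $backup  = Join-Path $Root 'Quarantine'   # assumed location for this example
    $removed = @()
    foreach ($f in Get-ChildItem -Path $dir -Filter $Pattern -File -ErrorAction SilentlyContinue) {
        if ($WhatIf) {
            Write-Host "Would remove $($f.FullName)"
            continue
        }
        New-Item -ItemType Directory -Path $backup -Force | Out-Null
        Copy-Item -Path $f.FullName -Destination $backup -Force
        Remove-Item -Path $f.FullName -Force
        $removed += $f.FullName
    }
    return $removed
}

$volumes = @(Find-OfflineWindowsVolumes)
if ($volumes.Count -eq 0) {
    Write-Warning 'No offline Windows volume found. If the disk is BitLocker-protected, unlock it first: manage-bde -unlock <drive>: -RecoveryPassword <48-digit key>'
    exit 1
}

foreach ($v in $volumes) {
    $gone = Remove-FaultyDriverFile -Root $v -RelativeDir $RelativeDir -Pattern $Pattern -WhatIf:$WhatIf
    Write-Host ("{0}: removed {1} file(s) matching {2}" -f $v, $gone.Count, $Pattern)
}
```

Run it once with `-WhatIf` to confirm it targets only the intended file before letting it delete anything. The BitLocker check matters in practice: on an encrypted disk, WinRE cannot read the Windows volume until the recovery key is supplied, which is why Microsoft's remote, pre-authorized path for pushing such a fix into the Recovery Environment is a meaningful improvement over hands-on repair of each machine.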