Microsoft discusses future plans without interruption like CrowdStrike

What you need to know

The massive outage caused by the CrowdStrike bug brought down 8.5 million computers and affected countless people and businesses.
The outage was caused by an update to the CrowdStrike app that contained a bug that could affect PCs because the app had access to the Windows 11 kernel.
In response to the outage, Microsoft is apparently interested in moving away from providing access to the Windows 11 kernel via security software.

The recent CrowdStrike outage brought down 8.5 million computers, affecting millions of people, and potentially costing businesses billions of dollars. The outage, called by many a “digital pandemic,” sparked a response from CrowdStrike, Microsoft, and security experts. The outage was caused by a CrowdStrike bug, and Microsoft is investigating options to prevent similar outages in the future.

“The recent CrowdStrike incident highlights the critical need for resilience for every organization and our unique ability to support the necessary changes,” said Microsoft’s John Cable, vice president of program management for Windows Servicing and Delivery.

CrowdStrike and some other security programs run at the kernel level in Windows 11. This configuration gives security tools like CrowdStrike access to your computer’s memory and parts of the operating system that are normally closed to other applications. This is possible today because access to the kernel allows the program to monitor your system, but it also means that a faulty driver in something like CrowdStrike could cause your computer to crash.

Cable explained that the recent CrowdStrike outage “clearly demonstrates that Windows needs to prioritize change and innovation in the area of end-to-end resilience.” While Cable didn’t specifically say that Microsoft would move security software away from the kernel, the examples he provided are of security methods that don’t require access to the Windows kernel.

The VBS enclaves Cable highlighted do not require kernel access. Microsoft Azure Attestation is another security measure that could protect systems without exposing the computer to the same risks as an application with kernel access.

“These examples leverage modern Zero Trust approaches and demonstrate what can be done to encourage development practices that do not rely on kernel access,” Cable said. “We will continue to build on these capabilities, strengthen our platform, and do even more to improve the resiliency of the Windows ecosystem by working openly and collaborating with the broader security community.”

If Microsoft stopped allowing security apps to access the kernel, a faulty update from CrowdStrike or another app wouldn’t be able to crash computers. Other types of attacks would still be possible, of course, because cybersecurity is incredibly complex, but the specific type of problem that caused CrowdStrike to crash wouldn’t be possible.

What was the CrowdStrike outage?

The CrowdStrike crash was an incident that caused 8.5 million computers to crash and display a “Blue Screen of Death” (BSoD). It grounded planes, caused banking problems, and caused emergency services to be out of commission. It was one of the largest crashes of its type ever to occur, and is likely to have serious consequences across multiple sectors.

The outage was caused by a faulty driver update sent by CrowdStrike, but the problem only affected Windows computers. Because of this, some have dubbed the incidnet “Microsoft outage.” Although Microsoft was not directly to blame for the problem, systems running the tech giant’s operating system were crashing, so Microsoft was forced to look for solutions.

Microsoft released the CrowdStrike data recovery tool, which has since been updated and now supports multiple data recovery methods.

There were a few memes about the CrowdStrike outage, and some people were happy to have an unexpected day off, but the situation was pretty serious. There’s a good chance that the outage affected billions of people, at least indirectly. Businesses also lost money due to the service outage.