
CrowdStrike supports Microsoft’s request to restrict kernel-level access

“Some events need to be exploited at the kernel level and responded to appropriately, but the entire signature matching process doesn’t need to happen there,” wrote Florian Roth, research lead at Nextron Systems, in an X post. “It can live in another component, limiting the kernel module to only the necessary tasks.”

“Ideally, such privileged access should be tightly regulated, ensuring that properly tested, digitally signed software with limited permissions is used,” said Sunil Varkey, advisor at Beagle Security. “Collectively, a new approach to balancing risk with effectiveness is needed.”

Kernel access is a significant vulnerability point because it enables deep system-level interactions that, if exploited, could result in widespread disruption and compromise. By limiting kernel access, Microsoft aims to minimize the potential for such vulnerabilities.