
Microsoft ‘assessing’ how far it can go to prevent another CrowdStrike-like outage

Microsoft is developing new security features for Windows that aim to prevent common failures such as those caused by a faulty CrowdStrike update in July. The company recently organized a security summit with industry partners to discuss potential changes that would enable security software to run outside the Windows kernel.
The proposed changes are the result of an incident in which a CrowdStrike software update accidentally brought down 8.5 million Windows computers and servers. The update ran with the kernel-level access of CrowdStrike's software, a level of access that gives security software unrestricted access to system memory and hardware.
“Both our customers and ecosystem partners have asked Microsoft to provide additional security capabilities outside of the kernel,” said David Weston, vice president of enterprise and operating system security at Microsoft. The company is in the early stages of designing a new security platform that could eventually remove vendors like CrowdStrike from the kernel.
While Microsoft doesn’t explicitly say it will close access to the kernel, the move signals a significant change in Windows’ security architecture. The company previously tried to limit access to the kernel in Windows Vista in 2006, but met resistance from cybersecurity vendors and regulators.
This time around, security vendors seem more open to change. Representatives from Sophos, Trend Micro, and CrowdStrike have all expressed appreciation for Microsoft’s collaborative approach. But some industry figures, such as Cloudflare CEO Matthew Prince, have raised concerns about potential antitrust implications if Microsoft were to lock down the kernel while maintaining privileged access to its own security offerings.
Short-term solutions discussed at the summit include developing common best practices for secure deployment, increased testing of key components, improved compliance testing and better information sharing on product status.
The security overhaul comes as part of broader changes at Microsoft, where the company now links employee performance reviews to security efforts. Microsoft also invited government officials from the U.S. and Europe to the summit, acknowledging potential regulatory concerns about the changes.
As Microsoft moves forward with its plans, the company emphasizes continued collaboration with security vendors to “achieve the goal of increased reliability without sacrificing security.” The company will continue to design and develop new platform capabilities with ecosystem partners, balancing the need for increased system stability with robust security measures.