Microsoft wants to make changes to Windows after CrowdStrike disaster



Microsoft is helping CrowdStrike fix the problems that began a week ago when 8.5 million computers were taken offline by a flawed CrowdStrike update. Now, Microsoft is calling for changes to Windows to make it more resilient, and it’s willing to block CrowdStrike from accessing the Windows kernel.

CrowdStrike blamed a bug in its testing software for its failed update. At the same time, its software runs at the kernel level (the core part of the operating system that has unrestricted access to system memory and hardware), meaning that if something goes wrong with the CrowdStrike app, it can crash Windows machines with a blue screen of death.

CrowdStrike’s Falcon uses a special driver that allows it to run at a lower level than most applications so it can detect threats in Windows. Microsoft tried to restrict third-party access to the Windows Vista kernel in 2006, but was met with resistance from cybersecurity firms and EU regulators.

However, Apple managed to lock down macOS in 2020, preventing developers from accessing the kernel. Now, it seems Microsoft wants to reopen talks about restricting kernel-level access within Windows.

Microsoft Vice President John Cable said in a post that the company has hired more than 5,000 support engineers working 24/7 to help clean up the mess created by the CrowdStrike update and hinted at Windows changes that could help.

“This incident clearly demonstrates that Windows must prioritize change and innovation in the area of overall resilience,” Cable wrote. “These improvements must go hand in hand with ongoing security improvements and be made in close collaboration with our many partners, who also care about Windows security.”

Cable pointed to VBS and Azure Attestation as examples of products that can keep Windows secure without having to access the kernel level, as most Windows-based security products do now.




