
After CrowdStrike Outage, Microsoft Debuts ‘Quick Machine Recovery’ Tool

Microsoft debuts Quick Machine Recovery tool to apply fixes even when machines are unable to boot, without needing physical access.

CrowdStrike Root Cause Analysis

Microsoft used the spotlight of its Ignite conference this week to introduce a new Quick Machine Recovery tool to help organizations remotely rebuild computer systems after major crises like the CrowdStrike outage earlier this year.

The software maker said the feature will enable IT administrators to execute “targeted fixes” from Windows Update, even when machines are unable to boot, without needing physical access to the PC. 

It is a direct response to the CrowdStrike Falcon sensor crash that blue-screened millions of Windows machines around the world and caused major delays as IT staff struggled to manually fix broken computer systems.

“This remote recovery will unblock your employees from broad issues much faster than what has been possible in the past,” Microsoft said of the Quick Machine Recovery planned for release into the Windows Insider Program community in early 2025.

Redmond’s Windows OS engineers are already redesigning the way anti-malware products interact with the Windows kernel, and plan to fit “new platform capabilities” into Windows 11 to allow security vendors to operate “outside of kernel mode” in the interest of software reliability.

Following a one-day summit in Redmond with EDR vendors earlier this year, Microsoft vice president David Weston said the plan is to provide more security capabilities to solution providers outside of kernel mode.

At Ignite this week, Microsoft said anti-malware vendors are being asked to adopt Safe Deployment Practices, meaning that all security product updates must be rolled out gradually, using deployment rings, together with monitoring to ensure any negative impact from an update is kept to a minimum.
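The Safe Deployment Practices described above boil down to a simple control loop: ship the update to a small ring first, watch telemetry from that ring, and only unlock the next ring when the crash rate stays under a threshold. The following Python sketch is an added example written for this article; it is not Microsoft's or any vendor's code, and the ring sizes, the 0.1% crash threshold, the 90% reporting requirement and the telemetry counts are all constructed assumptions chosen to show how one bad ring halts the rollout before it reaches the broad population.

```python
"""Ring-based staged rollout with a health gate (added illustrative example).

Models the Safe Deployment Practices idea: an update reaches successively larger
deployment rings, and each ring's post-update telemetry must stay healthy before
the next ring is unlocked. All sizes, thresholds and counts are assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class Ring:
    """One deployment ring: a population of endpoints updated together."""
    name: str
    hosts: int            # endpoints in the ring (constructed sizes below)
    reporting: int = 0    # endpoints that have sent post-update telemetry
    crashes: int = 0      # endpoints whose telemetry reports a crash

    def crash_rate(self) -> float:
        # Assumes a crashed host still reports (e.g. via boot telemetry).
        return self.crashes / self.reporting if self.reporting else 0.0


@dataclass
class StagedRollout:
    """Gate promotion from ring to ring on the health of the ring already updated."""
    rings: list
    max_crash_rate: float = 0.001   # assumption: halt above 0.1% crashes in a ring
    min_reporting: float = 0.9      # assumption: 90% of a ring must report first
    current: int = 0                # index of the ring currently receiving the update
    halted: bool = False
    events: list = field(default_factory=list)

    def record_telemetry(self, ring_name: str, reporting: int, crashes: int) -> str:
        """Fold in a batch of telemetry for a ring, then re-evaluate the gate."""
        ring = next(r for r in self.rings if r.name == ring_name)
        ring.reporting = min(ring.hosts, ring.reporting + reporting)
        ring.crashes += crashes
        return self.evaluate()

    def evaluate(self) -> str:
        """Return 'halt' (crash rate breached), 'hold' (too little data),
        'promote' (next ring unlocked) or 'complete' (last ring healthy)."""
        if self.halted:
            return "halt"
        ring = self.rings[self.current]
        if ring.reporting and ring.crash_rate() > self.max_crash_rate:
            # A breach in any ring stops the rollout everywhere; nothing further ships.
            self.halted = True
            self.events.append(f"halt at {ring.name}: crash rate {ring.crash_rate():.4f}")
            return "halt"
        if ring.reporting < self.min_reporting * ring.hosts:
            return "hold"
        if self.current < len(self.rings) - 1:
            self.current += 1
            self.events.append(f"promote to {self.rings[self.current].name}")
            return "promote"
        self.events.append("complete")
        return "complete"

    def deployed_hosts(self) -> int:
        """Endpoints that have received the update: every ring up to the current one."""
        return sum(r.hosts for r in self.rings[: self.current + 1])


def make_rings() -> list:
    # Constructed ring sizes: a canary set, an early-adopter set, the broad fleet.
    return [Ring("canary", 100), Ring("early", 10_000), Ring("broad", 1_000_000)]


def run_healthy() -> StagedRollout:
    """Constructed scenario: a clean update passes every gate."""
    r = StagedRollout(make_rings())
    r.record_telemetry("canary", reporting=100, crashes=0)    # 0% -> promote to early
    r.record_telemetry("early", reporting=9_500, crashes=5)   # ~0.05% -> promote to broad
    return r


def run_bad_update() -> StagedRollout:
    """Constructed scenario: the early ring crashes at 2%, so the broad ring never ships."""
    r = StagedRollout(make_rings())
    r.record_telemetry("canary", reporting=100, crashes=0)
    r.record_telemetry("early", reporting=2_000, crashes=40)  # 2% -> halt
    return r


if __name__ == "__main__":
    for run in (run_healthy(), run_bad_update()):
        print(run.events, "hosts updated:", run.deployed_hosts())
```

The point of the gate is in the numbers: the bad update reaches 10,100 hosts and stops, instead of the full 1,010,100, because the early ring's telemetry tripped the threshold before the broad ring was unlocked. In a real pipeline the telemetry would come from crash and boot-health reporting rather than constructed counts, and the threshold would be tuned per product.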

“This means security products, like anti-virus solutions, can run in user mode just as apps do. This change will help security developers provide a high level of security, easier recovery, and there will be less impact to Windows in the event of a crash or mistake. A private preview will be made available for our security product ecosystem in July 2025,” Microsoft said.


The company also touted security goodies built into the new Windows 11 PCs, including Copilot+ PCs, that are now enabled by default with additional protections added to significantly reduce the potential for attacks. 

These security features include Credential Guard, vulnerable driver block list, Local Security Authority (LSA) protection now enabled by default for new consumer devices, and BitLocker enabled by default on most modern systems. 

In addition, Microsoft announced insecure code and crypto algorithms have been removed, and kernel attack surfaces, like Tool Tips, have been moved to user mode.

Related: CrowdStrike Releases Root Cause Analysis of Falcon Sensor BSOD Crash

Related: Microsoft Redesigning EDR Vendor Access to Windows Kernel

Related: CrowdStrike Overhauls Testing and Rollout to Avoid System Crashes


Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
