Microsoft on Thursday shared an update on the progress of its resiliency initiative, triggered by the highly disruptive CrowdStrike incident that occurred last year.
In July 2024, organizations around the world suffered significant service outages after many of their Windows computers that had been running security software from CrowdStrike crashed.
The crash was caused by an improperly tested update pushed out by CrowdStrike to customers’ machines, and the significant impact was the result of the use of kernel drivers, which are commonly leveraged by cybersecurity products in the Windows ecosystem for enhanced detection and response capabilities.
Following the incident, Microsoft announced that it would redesign how endpoint detection and response software interacts with the Windows kernel, to avoid such incidents in the future.
In November 2024, Microsoft launched the Windows Resiliency Initiative (WRI), whose goal is to enhance the resilience and reliability of the Windows platform and make it easier for organizations to prevent, manage and recover from incidents.
Microsoft has since been working with endpoint security vendors such as CrowdStrike, Bitdefender, ESET, SentinelOne, Sophos, Trellix, Trend Micro and WithSecure to find ways to improve reliability but without sacrificing security capabilities.
Microsoft is making changes to Windows, while vendors who take part in the company’s Virus Initiative (MVI) program commit to testing incident response processes and following safe deployment processes for updates.
“Security product updates must be gradual, leverage deployment rings and leverage monitoring to minimize negative impacts,” Microsoft said.
On Thursday, the company announced that starting next month some MVI partners will be provided a private preview of the new Windows endpoint security platform, with capabilities designed to allow them to build solutions that run outside the operating system kernel.
“This means security products like anti-virus and endpoint protection solutions can run in user mode just as apps do. This change will help security developers provide a high level of reliability and easier recovery resulting in less impact on Windows devices in the event of unexpected issues,” Microsoft explained.
Microsoft has also released an e-book designed to provide guidance for other organizations looking to enhance digital resilience.
In addition, it has outlined some of the steps it has taken to prevent disruptive incidents in the future.
The list includes faster computer boots after an unexpected restart, quick recovery tools for PCs that cannot start, a mechanism called Connected Cache to save internet bandwidth during Windows updates, and hotpatch updates that install important Windows security updates once a month without the need to restart.
The tech giant also announced Windows 365 Reserve, which gives users temporary access to a pre-configured Cloud PC when their primary device is not available.
*updated to add Sophos to the list of security vendors working with Microsoft
Related: Microsoft Offers Free Windows 10 Extended Security Update Options as EOS Nears
Related: Siemens Notifies Customers of Microsoft Defender Antivirus Issue
Related: Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names
