Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel

Microsoft is revamping how anti-malware tools interact with the Windows kernel to avoid another CrowdStrike faulty update catastrophe. 

CrowdStrike Microsoft

Microsoft plans to redesign the way anti-malware products interact with the Windows kernel in direct response to the global IT outage in July that was caused by a faulty CrowdStrike update. 

Technical details on the changes are not yet available, but the world’s largest software vendor said “new platform capabilities” will be fitted into Windows 11 to allow security vendors to operate “outside of kernel mode” in the interest of software reliability.  

Following a one-day summit in Redmond with EDR vendors, Microsoft vice president David Weston described the OS tweaks as part of long-term steps to serve resilience and security goals. 

“[We] explored new platform capabilities Microsoft plans to make available in Windows, building on the security investments we have made in Windows 11. Windows 11’s improved security posture and security defaults enable the platform to provide more security capabilities to solution providers outside of kernel mode,” Weston said in a note following the EDR summit.

The redesign is meant to avoid a repeat of the CrowdStrike software update mishap that crippled Windows systems and led to billions of dollars in losses around the world.

Weston referenced the CrowdStrike incident to underscore the urgency for EDR vendors to adopt what Microsoft calls Safe Deployment Practices (SDP) while rolling out updates to the large Windows ecosystem.

Weston said a core SDP principle covers “the gradual and staged deployment of updates sent to customers” and the use of “measured rollouts with a diverse set of endpoints” and the ability to pause or rollback updates when necessary.

“We discussed how Microsoft and partners can increase testing of critical components, improve joint compatibility testing across diverse configurations, drive better information sharing on in-development and in-market product health, and increase incident response effectiveness with tighter coordination and recovery procedures,” Weston added.

Advertisement. Scroll to continue reading.

At the summit, Weston said Microsoft and partners discussed performance needs and challenges of operating outside of kernel mode, the issue of anti-tampering protection for security products, security sensor requirements and secure-by-design goals for future platforms.

Related: Microsoft Convenes EDR Summit Following CrowdStrike Incident

Related: CrowdStrike Dismisses Claims of Exploitability in Falcon Sensor Bug

Related: CrowdStrike Releases Root Cause Analysis of Falcon Sensor BSOD Crash

Related: CrowdStrike Explains Why Bad Update Was Not Properly Tested

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn's first Distinguised Security Engineer

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.