In the wake of CrowdStrike's devastating failure in July of this year, Microsoft vowed to do better, even as it claimed the incident was outrageous.
Clearly not wanting to take any chances (or risk further damage to its reputation for reliability), the company on Tuesday revealed during Microsoft Ignite 2024 what changes it has made to Windows to prevent similar incidents.
Many of these changes will not go into effect for some time.
Quick Machine Recovery, a new feature due in early 2025, will allow IT administrators to remotely fix certain software even when a Windows machine cannot boot. Microsoft says it is also testing ways to allow security products such as antivirus software to run outside of “kernel mode,” meaning they would run in user mode like most Windows applications.
The kernel mode changes are scheduled to enter private preview in July 2025 and are meant to address the root cause of the CrowdStrike outage. A flaw in an update to CrowdStrike's Falcon software triggered a fault in the Windows kernel, the core of the Windows operating system, causing affected machines to crash.
“This change will help security developers provide a higher level of security, [and] it makes recovery easier and reduces the impact on Windows in the event of a crash or mistake,” said David Weston, Microsoft vice president of enterprise and OS security, in a blog post shared with TechCrunch.
Microsoft is also previewing Administrator Protection, a feature that lets Windows users who normally run without administrator privileges make system changes to their PC when needed. According to Microsoft, Administrator Protection creates a temporary, isolated token that grants the user administrative privileges and revokes that token as soon as the task is complete.
Prompts displayed to users by Administrator Protection. Image credit: Microsoft
“With Admin Protection, when changes to the system require administrator privileges, such as installing some apps, users are prompted to securely approve the changes using Windows Hello,” Weston explained in the post. (Windows Hello is Windows' biometric authentication system.)
“It would also be destructive for attackers, as they would automatically lose direct access to the kernel and other critical system security without specific permissions,” he wrote.
At the IT management level, Microsoft is introducing hot patching in Windows 11 Enterprise 24H2 and Windows 365 Preview. Hot patching downloads updates in the background and applies them immediately, without requiring a device restart (and so with less chance that users postpone them).
Microsoft has come under intense scrutiny for its response to the CrowdStrike incident, and has faced pressure over its failure to prevent hackers with ties to China and Russia from breaching its internal systems. U.S. government agencies have described Microsoft's corporate culture as one that deprioritizes security investments and risk management.
Microsoft CEO Satya Nadella says that security is now Microsoft's top priority. The company said its 34,000 full-time engineers are revamping its cybersecurity practices and that all employees are now evaluated on their contribution to security. The company has also appointed more than a dozen deputy chief information security officers to lead product groups.