Eight million Windows-based computers were disabled last week after the CrowdStrike update. In response, Microsoft said it had met with CrowdStrike and restricted third-party access to the Windows kernel. It is also continuing its efforts to make Windows more resilient.
CrowdStrike permissions removed for Windows kernels
CrowdStrike’s Falcon software uses kernel-level drivers to detect threats in Windows. But this deep access to the system played a big role in last week’s outage. It allowed bugs in the CrowdStrike software to crash Windows machines.
John Cable, Microsoft’s vice president of Windows services and distribution, said in a blog post that the company is taking important steps to improve security. “We will prioritize change and innovation in the area of end-to-end resiliency,” he said, adding that there will be closer collaboration between Microsoft and its partners.
While not explicitly stating its plans, Microsoft said it will emphasize security innovations that do not rely on kernel access. It pointed to new technologies such as Azure Attestation that do not require kernel drivers. This suggests that the company wants to encourage approaches that restrict third-party kernel access.
Such a move could prevent major incidents like the CrowdStrike outage from happening again. But it is also likely to provoke a backlash from security networks that benefit from deep Windows access. Cloudflare, for example, has warned that Microsoft’s move to make Windows more closed could have negative effects.
This process suggests that CrowdStrike’s work on cleaning up the technical glitch is not yet complete. Some airlines like Delta are still dealing with flight cancelations and blue screen errors.