Macs remained unaffected by CrowdStrike outage. Microsoft seeks similar upgrades
In the wake of the recent CrowdStrike outage that impacted 8.5 million PCs, Microsoft has launched a campaign to bolster the security of its Windows operating system. The tech giant aims to emulate Apple's Mac security by restricting third-party kernel access. John Cable, Vice President of Windows Servicing and Delivery, underscored the urgency for this shift in a post on Microsoft's IT blog.
Microsoft VP emphasizes need for innovation in security
Cable stressed the necessity of innovation and change, stating, "This incident shows clearly that Windows must prioritize change and innovation in the area of end-to-end resilience." He further emphasized the significance of continuous security enhancements and close collaboration with partners who value the security of the Windows ecosystem. Cable cited recent innovations like VBS enclaves and Microsoft Azure Attestation service as modern Zero Trust approaches that do not depend on kernel access.
CrowdStrike outage triggers Microsoft's security overhaul
The CrowdStrike outage was triggered by a flawed update from the cybersecurity company, which operates its software at the kernel level. This unrestricted access to system memory and hardware means that any issues with CrowdStrike's app can result in a system crash, or 'Blue Screen of Death.' Apple successfully secured its macOS operating system in 2020 by preventing developers from accessing the kernel, thereby avoiding impact from the CrowdStrike outage.
Previous attempt to limit kernel access
Microsoft had previously tried to limit third-party kernel access with Windows Vista in 2006, but faced opposition from cybersecurity vendors and EU regulators. Separately, CrowdStrike has since taken measures to prevent future outages, including enhancing software resilience and increasing testing. The company also plans to give customers more control over Rapid Response Content Updates and add extra validation checks to its Content Validator.
Microsoft's future plans and CrowdStrike's apology
With the latest measures, Microsoft aims to prevent outage incidents in the future by limiting kernel access. However, the company acknowledges that a transition will require significant time and consideration of security vendors' needs and potential regulatory issues. CrowdStrike CEO George Kurtz has apologized for the disruption caused by the outage, confirming that over 97% of affected Windows computers are now back online due to efforts from customers, partners, and CrowdStrike's team.