Microsoft recently hosted the Windows Endpoint Security Ecosystem Summit to address security concerns and improve security capabilities in Windows 11, following a global IT outage caused by a faulty update from CrowdStrike in July.
Description
The summit focused on collaboration among security experts [2], including partners such as CrowdStrike [6], Broadcom [6], Sophos [6], and Trend Micro [6], to enhance security capabilities and prevent similar incidents. Plans are underway to move security vendors out of the Windows kernel to improve resiliency and prevent future issues. Discussions included strategies for enhancing resiliency, protecting critical infrastructure [4], and developing a new platform for security vendors to operate outside of kernel mode [6]. Short-term solutions discussed included implementing Safe Deployment Practices (SDPs) and improving incident response procedures [7]. Microsoft aims to create a controlled platform for security vendors [1] [6], prioritizing security above all else [1], and collaborating with ecosystem partners to enhance reliability without compromising security [1].
Conclusion
The global IT outage in July, caused by a faulty software update for CrowdStrike’s Falcon cybersecurity software, affected 8.5 million Microsoft devices [3] and led to significant disruptions across major industries worldwide. Microsoft is committed to enhancing security capabilities and collaborating with partners to ensure the safety and resiliency of mutual customers. The company aims to assist security vendors in operating outside kernel mode on Windows to improve system security and prevent future incidents like that outage. Discussions at the summit centered on creating new platform capabilities that let security vendors offer more features outside the Windows kernel [5], with the goal of enhanced reliability without sacrificing security.
References
[1] https://www.windowscentral.com/microsoft/microsoft-wants-to-beef-up-windows-security-to-prevent-crowdstrike-like-fiascos
[2] https://www.neowin.net/news/microsoft-reveals-ideas-to-improve-windows-security-updates-after-the-crowdstrike-incident/
[3] https://www.forbes.com/sites/ariannajohnson/2024/09/12/microsoft-365-outage-thousands-of-users-report-problems-as-microsoft-investigates/
[4] https://www.infosecurity-magazine.com/news/microsoft-prevent-crowdstrike/
[5] https://www.gadgets360.com/laptops/news/microsoft-windows-changes-kernel-security-crowdstrike-outage-6555936
[6] https://www.theverge.com/2024/9/12/24242947/microsoft-windows-security-kernel-access-features-crowdstrike
[7] https://www.scmagazine.com/news/crowdstrike-outage-leads-microsoft-to-plan-more-security-capabilities-outside-of-kernel