CrowdStrike

Tech Optimizer
March 19, 2026
The digital landscape is transforming due to the professionalization of cybercrime, which is now a significant part of organized crime, second only to drug trafficking. Malware includes various types such as viruses, browser hijackers, password stealers, Trojans, botnet malware, and ransomware. Traditional antivirus solutions rely on signature-based detection, heuristic analysis, and behavior monitoring, but these methods can lead to false positives and negatives. The evolution of cybersecurity has seen the rise of "Ransomware-as-a-Service" (RaaS) and the use of polymorphic malware that changes its signature, making traditional defenses ineffective. Hackers are also using AI and machine learning to evade behavioral monitoring. New defense strategies include Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR), which focus on monitoring for breaches rather than preventing them. Leading vendors in this space include CrowdStrike, SentinelOne, Microsoft, and Palo Alto Networks. The zero trust security framework treats all access attempts as potentially hostile and emphasizes the integration of various security technologies. Emerging startups like FinalAV Security are developing zero trust solutions for consumers and small businesses, focusing on prevention rather than detection.
Winsage
February 19, 2026
A representative from Marquette University visited University of Detroit Jesuit High School during Chris Morrissey’s junior year, shortly after Marquette’s men’s basketball team won the national championship in 1977. Morrissey decided to attend Marquette, influenced by friends with siblings enrolled there. He has had a diverse career, moving from the automotive sector to chemicals, and is currently the senior director of communications for Windows and devices at Microsoft. Morrissey worked the midnight shift at the downtown Hilton during college, which allowed him to complete homework and read major newspapers. His interest in technology began at Chrysler, where he embraced new PCs while others were hesitant. At Microsoft, he manages a team that handles communications for Windows device updates and features, emphasizing the global impact of their work. Recently, his team addressed a crisis involving a cybersecurity issue affecting Windows devices, focusing on customer support. Morrissey credits his Marquette education with teaching him to prioritize others in crisis situations. He has also become involved in community service in Seattle, volunteering at food banks and serving on the board of North Helpline. As a father and grandfather, he values the growth mindset he sees in his children.
Tech Optimizer
January 22, 2026
A large-scale campaign is exploiting the truesight.sys Windows security driver from Adlice Software’s RogueKiller antivirus to disable endpoint detection and response (EDR) and antivirus solutions, facilitating the deployment of ransomware and remote access malware. This attack utilizes over 2,500 validly signed variants of the driver, allowing attackers to manipulate legacy driver signing rules to load pre-2015 signed drivers on Windows 11 machines. The vulnerable TrueSight driver exposes an IOCTL command that enables attackers to terminate security processes, providing them with kernel-level access to bypass user-mode protections. The infection chain typically starts with phishing emails or compromised sites, leading to the installation of a downloader that retrieves additional malicious components. The malware establishes persistence and deploys an EDR killer module targeting nearly 200 security products. Once defenses are disabled, the final payload, often a remote access trojan or ransomware, executes with minimal visibility, completing the attack in as little as 30 minutes.
Winsage
January 1, 2026
Microsoft is transitioning its Windows operating system to an "AI-native" platform, embedding AI capabilities directly into the Windows kernel, marking a significant architectural shift not seen in three decades. This new approach, called the "Agentic OS," allows AI to manage files, system settings, and workflows proactively. The updated kernel, partially rewritten in Rust, includes a new NPU-aware scheduler that treats the Neural Processing Unit as a primary resource. Microsoft has introduced "Agent Workspace" and "Agent Accounts" for autonomous agents, ensuring actions are logged and audited for compliance. Communication between agents and the system is facilitated by the Model Context Protocol (MCP). Hardware requirements for the new OS have increased, with benchmarks set for NPUs achieving 80 to 100 TOPS. Major PC manufacturers are adjusting their portfolios to accommodate "Agentic PCs." The competitive landscape is evolving, with companies like Alphabet and Apple developing their own AI-native platforms. The introduction of the AI-native kernel raises privacy and security concerns, with Microsoft implementing measures to restrict third-party access to the kernel. Future updates may include "self-healing" capabilities and "Cross-Device Agency," leading to a more integrated personal AI experience.
Winsage
November 23, 2025
Microsoft is launching an initiative to eliminate the Blue Screen of Death (BSOD) by introducing a new black screen error interface in Windows 11, which will replace the traditional blue backdrop. This redesign aims to modernize the error display and provide actionable insights while removing the frowning face emoji. A new feature called Digital Signage Mode will automatically conceal BSODs on public displays after 15 seconds, preventing prolonged visibility of errors. This mode suppresses all Windows error dialogs and allows systems to reboot or enter recovery without displaying errors, which is crucial for environments like retail and transportation. Microsoft is also enhancing remote recovery tools for IT administrators and promoting proactive measures for error prevention, such as regular driver updates and system scans. The company is collaborating with hardware manufacturers to improve driver compatibility and reduce BSOD incidents. Despite concerns about obscuring underlying issues, Microsoft ensures that all incidents are logged for future review. By 2026, experts anticipate advancements in AI-driven error handling that could eliminate public BSODs entirely. User adoption remains a challenge, particularly among small businesses, and Microsoft is addressing this through educational campaigns. The transition to a black screen has been positively received in consumer spaces, marking a cultural shift away from the blue screen as a symbol of computing errors.
Winsage
November 7, 2025
Microsoft is refining its Quick Machine Recovery (QMR) feature and updating Smart App Control (SAC) to enhance user experience by allowing toggling without a complete Windows reinstall. QMR enables IT administrators to address Windows boot failures remotely, eliminating the need for physical intervention. When Windows 11 encounters a startup failure, it automatically enters the Windows Recovery Environment (WinRE), activating the QMR Tool to send crash data to Microsoft and allow administrators to fix boot issues. The latest update changes the recovery process to execute a single scan for boot problems instead of multiple scans. If no immediate fix is found, QMR directs users to suitable recovery options. QMR was introduced in November 2024 as part of the Windows Resiliency Initiative following a significant outage in July 2024. Testing for QMR began in late March, and it is being rolled out to Windows Insiders in the Beta Channel. The Smart App Control feature can now be toggled on or off via Windows Security settings. These enhancements are available to Windows Insiders with the Windows 11 Insider Preview Build 26220.7070 (KB5070300). Additionally, a preview update was introduced to suggest running a memory scan after a Blue Screen of Death (BSOD).
Winsage
October 22, 2025
The United States’ Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about a critical security vulnerability in the Windows SMB protocol, identified as CVE-2025-33073, which allows attackers to escalate their privileges to SYSTEM level. All versions of Windows Server, Windows 10, and Windows 11 up to version 24H2 are affected. Microsoft addressed this issue in June 2025 during its Patch Tuesday updates. The vulnerability arises from inadequate access control, enabling authenticated attackers to elevate their privileges by deceiving victims into connecting to a malicious server. Information about this vulnerability was public at the time of the patch, but Microsoft has not confirmed any active exploitation. CISA has mandated that U.S. federal agencies must secure their systems by November 10 and encourages the private sector to address the vulnerability as well. Organizations should prioritize installing the June 2025 security updates.