Microsoft has again declared security its “top priority.” This week the company revisited its Secure Future Initiative (SFI) and set out the measures it is taking to harden Windows systems.
Windows Resiliency Initiative
In a post that alluded to July’s outage without naming the CrowdStrike incident, Microsoft unveiled the “Windows Resiliency Initiative.” The initiative targets the weaknesses that outage exposed, a task many administrators might liken to “nailing jelly to a wall.” Its focus is multifaceted: letting more applications and users run without administrative privileges, tighter controls over which applications and drivers are permitted, and stronger identity protection against phishing.
While these objectives are commendable, they raise the question of why such measures were not prioritised sooner. The SFI has been in place for over a year, and in September 2024 Microsoft reported that it had mobilised the equivalent of 34,000 full-time engineers on the initiative. With a workforce of that size dedicated to security, one might wonder how many weaknesses still remain.
The events of July underscored an architectural weakness in the ecosystem. Some security vendors rely on kernel-mode code, and a fault in kernel mode takes the whole operating system down rather than a single process, which is what turned a bad CrowdStrike content update into a fleet-wide boot loop. In response, Microsoft is rolling out a feature called Quick Machine Recovery, which lets administrators push targeted fixes from Windows Update to machines that cannot boot, without physical access to the hardware. It is expected to reach Windows Insiders in early 2025.
However, the primary objective remains to keep enterprise Windows devices from reaching that state at all. To that end, Microsoft reiterated its commitment to opening up more of Windows so that vendors can run their products in user mode rather than in the riskier kernel. The company also discussed Safe Deployment Practices, which require that all security product updates roll out gradually through deployment rings with continuous monitoring, so that a faulty update is caught in a small ring and halted before it reaches the whole fleet.
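To make the ring-and-monitoring idea concrete, here is a small staged-rollout controller with a health gate. It is an added illustration, not Microsoft’s or any vendor’s code; the ring names, the 5% failure threshold and the telemetry are constructed assumptions. The one design point worth noting is that a host that never reports back after the update is counted as a failure: a machine stuck in a boot loop cannot phone home, so silence must not be read as success.

```python
"""Ring-based rollout with a health gate, in the spirit of the Safe Deployment
Practices described above.

Added example, not Microsoft's or any vendor's code. Ring names, the 5%
threshold and the telemetry below are constructed assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Ring:
    name: str
    hosts: List[str]


@dataclass
class RolloutResult:
    status: str                # "completed" or "halted"
    deployed: List[str]        # hosts that received the update (the rollback set on halt)
    halted_at: Optional[str]   # ring at which the gate tripped, if any
    failure_rate: float        # failure rate of the last ring evaluated


def ring_failure_rate(hosts: List[str], telemetry: Dict[str, str]) -> float:
    """Fraction of hosts that did not report 'ok' after the update.

    A host with no report at all is counted as failed: a boot-looping machine
    cannot send telemetry, so a missing report is evidence of a problem.
    """
    if not hosts:
        return 0.0
    failed = sum(1 for h in hosts if telemetry.get(h, "no-report") != "ok")
    return failed / len(hosts)


def staged_rollout(rings: List[Ring], telemetry: Dict[str, str],
                   max_failure_rate: float = 0.05) -> RolloutResult:
    """Push the update ring by ring, halting at the first ring whose
    post-update failure rate exceeds max_failure_rate.

    In production each ring would be followed by a bake period before its
    telemetry is read; here the telemetry dict stands in for that wait.
    """
    deployed: List[str] = []
    rate = 0.0
    for ring in rings:
        deployed.extend(ring.hosts)          # "deploy" the update to this ring
        rate = ring_failure_rate(ring.hosts, telemetry)
        if rate > max_failure_rate:
            return RolloutResult("halted", deployed, ring.name, rate)
    return RolloutResult("completed", deployed, None, rate)


# Constructed fleet: a small internal canary ring first, then wider rings.
RINGS = [
    Ring("canary", [f"canary-{i:02d}" for i in range(1, 4)]),
    Ring("early", [f"early-{i:02d}" for i in range(1, 6)]),
    Ring("broad", [f"broad-{i:02d}" for i in range(1, 13)]),
]
ALL_HOSTS = [h for r in RINGS for h in r.hosts]

# Constructed telemetry: a healthy update, and one where a canary host never
# reports back after the update (the boot-loop case).
GOOD_TELEMETRY = {h: "ok" for h in ALL_HOSTS}
BAD_TELEMETRY = {h: s for h, s in GOOD_TELEMETRY.items() if h != "canary-02"}


if __name__ == "__main__":
    for label, t in (("good update", GOOD_TELEMETRY), ("bad update", BAD_TELEMETRY)):
        r = staged_rollout(RINGS, t)
        detail = (f", halted at ring '{r.halted_at}' (failure rate {r.failure_rate:.0%})"
                  if r.halted_at else "")
        print(f"{label}: {r.status}, {len(r.deployed)}/{len(ALL_HOSTS)} hosts touched{detail}")
```

With the bad telemetry the rollout halts at the canary ring after touching 3 of 20 hosts, and `deployed` is exactly the set that needs rolling back; a big-bang push would have hit all 20. The threshold and ring sizes are policy choices; what matters is that the gate runs before each widening step and treats missing reports as failures.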
Looking ahead, it will be July 2025, a full year after the CrowdStrike incident, before Microsoft offers even a private preview of these user-mode capabilities. In the meantime, two other features are already in preview: Administrator Protection, under which users run with standard permissions by default and receive a temporary, isolated admin token only when they explicitly authorise an elevation, and Hotpatch in Windows, which applies critical security updates without a restart, extending to the client the hotpatching already available on Windows Server Azure Edition.