eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.
Microsoft has embarked on a transformative journey with the introduction of the Windows Resiliency Initiative, aimed at bolstering the security and reliability of its operating system. This initiative emerges in response to the significant CrowdStrike outage that affected over 8 million Windows PCs and servers, resulting in staggering losses estimated at .4 billion during the summer. The tech giant is keenly aware of the need to restore user confidence and prevent such incidents from recurring.
Why the Need for the Resilience Initiative?
As cyber threats evolve in sophistication, Microsoft has recognized the imperative to enhance the protective measures surrounding Windows systems. The Windows Resiliency Initiative was unveiled at the Ignite 2024 conference, focusing on preventing future outages and fortifying security features against potential exploits that could compromise users’ personal data. David Weston, VP of enterprise and OS security, emphasized the company’s commitment to maintaining Windows as a reliable and resilient platform for its customers.
Key Components of the Initiative
The initiative encompasses four pivotal areas:
- Learning from Past Incidents: Microsoft aims to improve reliability by applying lessons learned from previous outages.
- Reducing Administrative Privileges: Users will default to standard accounts, minimizing the risk of unauthorized access.
- Stronger Controls for Apps and Drivers: Enhanced verification processes will ensure only trusted applications can operate on the system.
- Improving Identity Protection: Advanced technologies will be deployed to safeguard user accounts against phishing attacks.
Strengthening Reliability
In light of the challenges faced during the July outage, Microsoft is introducing the Quick Machine Recovery feature. This innovation allows IT administrators to remotely diagnose and repair devices that may be compromised or unable to boot, significantly reducing downtime and potential data loss. Notably, administrators will no longer need physical access to machines for Windows Updates, streamlining the recovery process.
Reducing Administrative Privileges
Recognizing that attackers often target systems with elevated privileges, Microsoft has developed a new feature called administrative protection. By default, users will now operate under standard accounts, limiting the potential for unauthorized access. Furthermore, developers will have the ability to create applications outside of the kernel, reducing the need for administrative privileges and thereby containing the spread of malware and ransomware.
Stronger Apps & Drivers Controls
To combat the infiltration of malicious software, Microsoft is implementing stricter controls over application and driver installations. The new “Smart App Control” feature will ensure that only verified applications can run on Windows PCs, allowing IT administrators to enforce policies that restrict the execution of unknown software.
Improving Identity Protection
With over 600 million identity attacks occurring daily, primarily password-based, Microsoft is prioritizing advanced identity protection technologies. This includes enhancing password policies, implementing multi-factor authentication, and utilizing sophisticated threat detection techniques to safeguard user accounts against unauthorized access.
Other Improvements from the Initiative
Weston also highlighted additional commitments aimed at enhancing the security and resilience of Windows devices. This includes collaboration with security vendors, the introduction of new encryption features to protect personal information, and the gradual integration of new coding languages into the platform.
Collaboration with Security Partners
Through initiatives like the Microsoft Virus Initiative (MVI), Microsoft is fostering partnerships with security vendors and researchers to share threat intelligence and bolster the security of Windows devices. Key aspects of this collaboration include:
- Safe Deployment Practices: Adoption of secure product update deployments and recovery procedures.
- Enhanced Monitoring: Careful monitoring of rollouts to mitigate negative impacts from updates and patches.
Data Protection
The introduction of the Personal Data Encryption feature in Windows 11 Enterprise utilizes Windows Hello authentication to secure files in designated locations, ensuring that only authenticated users can access their data.
Transition to Rust
In a bid to enhance code security and reliability, Microsoft is gradually transitioning specific components from C++ to Rust, a programming language renowned for its safety features.
As Microsoft embarks on this ambitious initiative, it is taking significant strides towards enhancing the security and reliability of its flagship operating system. By addressing critical vulnerabilities and implementing robust protective measures, the Windows Resiliency Initiative is poised to safeguard users against a myriad of cyber threats while ensuring improved stability and reliability.
Learn more about the CrowdStrike outage and the class action lawsuit that resulted from it.
