Microsoft rolls out Windows security changes to prevent another CrowdStrike meltdown
Last summer’s CrowdStrike incident left a significant mark on the cybersecurity landscape, affecting healthcare systems, banking access, and even air travel. The fallout from this event resulted in billions of dollars in damages, underscoring the urgent need for enhanced security measures. In response, Microsoft organized a security summit, gathering experts from CrowdStrike and other leading endpoint security firms to address the vulnerabilities that led to such a crisis.
As a result of these discussions, Microsoft announced a series of Safe Deployment practices and architectural changes aimed at fortifying Windows desktop and server products against future threats. Today, the company revealed that some features from the Windows Resiliency Initiative are set to launch soon. In July, Microsoft will provide a private preview of its new Windows endpoint security platform to select partners participating in the Microsoft Virus Initiative 3.0 program.
No more kernel drivers?
The most significant change involves relocating third-party security drivers from the Windows kernel to user space, a move widely advocated by security experts. This shift aims to mitigate the risks associated with kernel-level flaws that could lead to catastrophic system failures.
The new Windows capabilities will allow them to start building their solutions to run outside the Windows kernel. This means security products like antivirus and endpoint protection solutions can run in user mode just as apps do. This change will help security developers provide a high level of reliability and easier recovery, resulting in less impact on Windows devices in the event of unexpected issues.
Supportive comments from partners such as Bitdefender, ESET, and CrowdStrike highlight a collaborative spirit in this initiative. However, ESET’s previous concerns about kernel access have evolved into a more constructive dialogue, emphasizing the importance of maintaining a stable operating environment for their joint customers.
Notably absent from the list of supporters was Sophos, which has been critical of the proposed changes. The company’s Chief Research and Scientific Officer has previously emphasized the fundamental role of kernel access in ensuring robust security for Windows endpoints.
Bye-bye, Blue Screen of Death
Today’s announcement also brings attention to enhancements in the upcoming Windows 11 24H2 release. One notable improvement is the streamlined process for collecting crash dump reports after system failures, reducing downtime to approximately two seconds for most users. Additionally, the traditional Blue Screen of Death will be replaced with a more user-friendly “unexpected restart” screen, simplifying the experience for those affected.
Quick machine recovery debuts
Another significant feature on the horizon is the quick machine recovery (QMR) capability. This addresses one of the most frustrating aspects of the CrowdStrike incident, where affected machines entered a restart loop requiring manual intervention. With QMR, Microsoft can deploy targeted remediations automatically through its update servers, expediting recovery without the need for IT personnel to physically intervene.
When a widespread outage prevents devices from starting properly, Microsoft can broadly deploy targeted remediations to affected devices via Windows RE — automating fixes with QMR and quickly getting users to a productive state without requiring complex manual intervention from IT. We are excited to announce QMR generally available later this summer together with the renewed unexpected restart functionality.
Fewer restarts for Windows 11 Enterprise updates
Lastly, a new security update feature promises to alleviate the frequent need for system restarts when applying fixes. Network administrators can utilize Windows Autopatch to deploy hotpatch updates on Windows 11 Enterprise PCs, limiting restarts to once every three months. However, this feature will not extend to unmanaged home and small business settings.
While these changes may go unnoticed by the average user, for network administrators who have endured sleepless nights worrying about potential meltdowns, they represent a welcome advancement in the ongoing battle for cybersecurity resilience.