Microsoft is building new Windows security features to prevent another CrowdStrike incident

ronjor · Sep 12, 2024

By Tom Warren Sep 12, 2024

There’s no talk of locking down the Windows kernel just yet, but Microsoft clearly wants to move endpoint security systems out of there.
Click to expand...

While Microsoft isn’t directly saying it’s going to close off access to the Windows kernel, it’s clearly at the early stages of designing a security platform that can eventually move CrowdStrike and others out of the kernel. Microsoft last tried to close off access to the Windows kernel in Windows Vista in 2006, but it was met with pushback from cybersecurity vendors and regulators.
Click to expand...

EASTER · Sep 12, 2024

Ring 0 research. Again.

Rasheed187 · Sep 14, 2024

Well this sounds interesting, I wonder what changes they will make to Windows 12. They should take a look at macOS for clues.

Prince says he’s not concerned about Microsoft potentially locking down the Windows kernel, but more that the company could lock it down “for everyone else” while still giving its own offering “privileged access.” Microsoft also invited government officials from the US and Europe to its security summit because it’s clearly aware of concerns like the ones Prince mentioned.
Click to expand...

This should be indeed closely monitored. Windows Defender should of course not get any preferential treatment.

ronjor · Nov 19, 2024

Microsoft’s new Windows Resiliency Initiative aims to avoid another CrowdStrike incident

By Tom Warren Nov 19, 2024
Microsoft is working on a new framework to move Windows security vendors out of the kernel for anti-virus scanning.
Click to expand...

Rasheed187 · Dec 5, 2024

ronjor said: ↑

Microsoft’s new Windows Resiliency Initiative aims to avoid another CrowdStrike incident
Click to expand...

Microsoft has also been working with its MVI partners to enable antivirus processing outside of the kernel. CrowdStrike’s software runs at the kernel level of Windows — the core part of an operating system that has unrestricted access to system memory and hardware. This deep kernel access allowed a faulty update to generate a Blue Screen of Death as soon as affected systems started up.
Click to expand...

I really wonder how this will work. I hope it won't dumb down security tools, I mean most of the security tools on macOS aren't exactly that impressive. But if it can make Windows more stable, it's at least worth a try.

But M$ needs to make sure that security tools can still block stuff like keylogging, code injection, outbound connections and file encryption. Not to forget about monitoring process execution, service/driver loading and registry modification. Think of the stuff that a tool like AutoRuns monitors for example.

https://www.softpedia.com/get/System/System-Info/AutoRuns.shtml

Log in or Sign up

Microsoft is building new Windows security features to prevent another CrowdStrike incident

ronjor Global Moderator

EASTER Registered Member

Rasheed187 Registered Member

ronjor Global Moderator

Rasheed187 Registered Member

Log in or Sign up

Microsoft is building new Windows security features to prevent another CrowdStrike incident

ronjor Global Moderator

EASTER Registered Member

Rasheed187 Registered Member

ronjor Global Moderator

Rasheed187 Registered Member

Useful Searches