TLDR:
- Microsoft is planning to implement new Windows security features to prevent incidents like the CrowdStrike catastrophe.
- They are working on moving security vendors out of the Windows kernel to improve system resiliency.

Microsoft recently announced plans to make changes to Windows in response to the CrowdStrike incident that took down 8.5 million Windows PCs and servers. The incident was caused by a faulty update from CrowdStrike running at the kernel level of Windows. Microsoft hosted a security summit where they discussed the need for improvements to Windows security to prevent such incidents from happening again.

While Microsoft is not explicitly stating that they will lock down the Windows kernel, they are working on designing a new security platform that will eventually move security vendors like CrowdStrike out of the kernel. They have been collaborating with partners like CrowdStrike, Broadcom, Sophos, and Trend Micro to ensure the new platform meets the security needs of both customers and ecosystem partners.

Some industry leaders have expressed support for Microsoft’s efforts, while others, like Cloudflare CEO Matthew Prince, have raised concerns about potential implications. Microsoft is actively engaging with government officials in the US and Europe to address these concerns and ensure a more secure endpoint security ecosystem.