Microsoft considers allowing security vendors to operate outside the Windows kernel following the CrowdStrike issue

Following the large-scale Windows PC outage caused by CrowdStrike in July 2024, Microsoft held a security summit on September 10, 2024. During the summit, Microsoft revealed that it discussed 'creating a special platform for antivirus monitoring and separating security products from the kernel.'

Taking steps that drive resiliency and security for Windows customers | Windows Experience Blog
https://blogs.windows.com/windowsexperience/2024/09/12/taking-steps-that-drive-resiliency-and-security-for-windows-customers/

Microsoft is building new Windows security features to prevent another CrowdStrike incident - The Verge
https://www.theverge.com/2024/9/12/24242947/microsoft-windows-security-kernel-access-features-crowdstrike

Microsoft Eyes New Windows Security Layer To Prevent CrowdStrike Repeat | PCMag
https://www.pcmag.com/news/microsoft-eyes-new-windows-security-layer-to-prevent-crowdstrike-repeat

On September 10, 2024, Microsoft held the Windows Endpoint Security Ecosystem Summit at its headquarters in Redmond, Washington. Microsoft invited major partners providing endpoint security technology, including CrowdStrike, to hold a meeting about improving security resilience and protecting infrastructure.

Microsoft holds security summit after CrowdStrike disaster - GIGAZINE

The background to the event is the large-scale Windows PC outage that occurred on July 19, 2024. In this outage, an update CrowdStrike pushed to its own product, which runs with kernel-level access, caused devices to malfunction on a global scale.

CrowdStrike releases root cause analysis after causing global outage with Blue Screen of Death - GIGAZINE



'We discussed the requirements and key challenges to create a new platform that can meet the needs of security vendors,' Microsoft said. 'Both our customers and ecosystem partners have been asking us to provide additional security capabilities outside of kernel mode, so they can develop highly available security solutions with secure deployment practices,' said David Weston, Microsoft's vice president of enterprise and OS security.

Microsoft reported that security vendors discussed the challenges of running security products outside of kernel mode, the need for tamper-proof protection for security products, and the requirements for security sensors. 'As a next step, Microsoft will continue to design and develop this new platform capability with input and collaboration from ecosystem partners to achieve the goal of improving reliability without sacrificing security,' the report said.

Commenting on the summit, Drew Bagley, vice president of privacy and cyber policy at CrowdStrike, said, 'We appreciate the opportunity to participate in these important discussions with Microsoft and our industry peers. The summit enabled us to discuss how best to build a more resilient, open Windows endpoint security ecosystem that strengthens our customers' security.'



'We were pleased to have an open discussion with our industry peers about making both Windows and the endpoint security ecosystem more resilient and robust,' said Sophos CEO Joe Levy, and Trend Micro COO Kevin Simzer said, 'We applaud Microsoft for opening the door to continued collaboration with leading endpoint security leaders.'

Cloudflare CEO Matthew Prince, on the other hand, criticized the meeting, saying, 'A world in which only Microsoft can provide effective endpoint security is not a safe world.'

'While restricting kernel access for all users, Microsoft gives its own products "privileged access" to the kernel,' Prince pointed out.


in Software, Security, Posted by log1r_ut