Microsoft plans to prevent another CrowdStrike-like system outage

Nov 22, 2024

Microsoft is launching a new Windows Resiliency Initiative to tighten security, enhance reliability, and protect system integrity.

The intention is to prevent issues like the CrowdStrike incident from happening again, while giving users more flexibility without requiring admin privileges. The initiative also includes tighter controls for risky applications and drivers, as well as improved personal data security measures.

At the heart of the effort are updates that make it easier to recover Windows-based devices in case of a major issue. One standout feature is Quick Machine Recovery, which allows IT admins to remotely fix machines that can’t boot. It builds on improvements to the Windows Recovery Environment (Windows RE), enabling Microsoft to deploy targeted fixes directly.

“In a future event, hopefully that never happens, we could push out [an update] from Windows Update to this Recovery Environment that says delete this file for everyone,” explained David Weston, Microsoft’s VP of enterprise and OS security, in an interview with The Verge. The feature gives admins a reliable way to tackle widespread problems quickly.

Following the CrowdStrike debacle, Weston has been in talks with hundreds of customers, all of whom were asking for better recovery tools and stronger resiliency. “Every one of them is saying I owe my board a response on how this doesn’t happen again,” he said.

To address those concerns, Microsoft is requiring security vendors in its Microsoft Virus Initiative (MVI) to adopt stricter protocols, including safer update rollouts and better monitoring and recovery procedures. A key focus is moving antivirus processing outside the kernel—the core part of the operating system that has unrestricted access to system memory and hardware. The shift is intended to prevent issues like the ‘Blue Screen of Death’ caused by CrowdStrike’s kernel-level software update.

“We’re developing a framework that [security vendors] want to use and they’re incentivised to use,” said Weston, adding that Microsoft is working closely with partners to make this happen. A preview of this new framework will be available in July 2025.

Aside from these changes, Microsoft is introducing Administrator Protection to Windows 11. The feature gives users the security of a standard account while also granting temporary admin privileges for specific tasks. Once a user authenticates with Windows Hello, they can install apps or make system changes, and the admin rights are automatically revoked when the task is done. “Windows creates a temporary isolated admin token to get the job done,” Weston explained.

Microsoft is also improving Windows security by transitioning parts of the operating system from C++ to the memory-safe programming language Rust, in line with recommendations from the White House.

These updates highlight Microsoft’s commitment to making Windows more secure and resilient for users and businesses. From smarter recovery tools to a more secure platform for security vendors, it’s all about facing today’s challenges and building a better Windows for the future.
