Source URL: https://www.theregister.com/2024/09/13/microsoft_is_updating_windows_to/
Source: The Register
Title: Microsoft is updating Windows to avoid repeat of CrowdStrike catastrophe
Feedly Summary: Existing low-level kernel access for security solutions will undergo a rework
Microsoft says it’s working on Windows to allow endpoint security solutions to operate outside of the operating system’s kernel, all with a view to preventing any future CrowdStrike-esque mega-outages.…
AI Summary and Description: Yes
Summary: The text discusses Microsoft’s ongoing efforts to improve endpoint security in Windows following significant outages attributed to vulnerabilities in the operating system’s kernel. This initiative involves collaboration with industry partners to enhance security measures while addressing performance challenges and ensuring robust update deployment practices.
Detailed Description:
– Microsoft is focusing on improving endpoint security in Windows by allowing security solutions to function outside the operating system’s kernel to prevent substantial outages similar to the recent CrowdStrike incident.
– Key challenges identified include:
  – **Performance Requirements**: Solutions operating outside the kernel must still meet the necessary performance metrics.
  – **Anti-tampering Protections**: New security mechanisms need robust protections against tampering.
  – **Security Sensor Requirements**: The capabilities of security sensors need to be aligned with the new architecture.
  – **Secure-by-Design Principles**: Microsoft aims to ensure that its new solutions are inherently secure by design.
– Insights from the Security Summit:
  – Infosec experts from various companies discussed the risks associated with kernel access and the need for revised architecture and practices.
  – Joe Levy from Sophos highlighted that many vendors were caught off guard by their kernel access considerations.
  – There was a strong sentiment among attendees regarding the necessity for vendor transparency and safe deployment practices.
  – The CrowdStrike incident in July, stemming from a faulty sensor update, underscored these vulnerabilities. The update led to a logic error that resulted in a major Windows crash affecting 8.5 million PCs.
  – Responses to the incident included scrutiny of quality assurance processes, which CrowdStrike defended as adequate despite the outcome.
– Microsoft plans to make kernel access available on a just-in-time basis rather than permanently, promoting better security practices.
– Future actions include:
  – Developing best practices for the safe rollout of updates across the ecosystem, informed by input from security partners.
  – Gradual and staged deployment of updates (Safe Deployment Practices), aimed at minimizing risk during updates.
  – Continued collaboration with industry partners to share best practices for update deployment, incident response, and compatibility testing.
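Safe Deployment Practices as a ring-based rollout with a telemetry gate, shown as an added illustration rather than code from Microsoft, CrowdStrike or the article: the update advances one ring at a time and halts as soon as a ring reports a post-update crash rate above a threshold. The ring names, fleet fractions, threshold and telemetry samples are constructed assumptions.

```python
"""Staged (ring-based) rollout gate with a crash-telemetry kill switch.
Added example; ring sizes, thresholds and telemetry are assumptions."""
from dataclasses import dataclass, field
from typing import Optional

# Rings in rollout order with the fraction of the fleet each covers (assumed).
RINGS = [("canary", 0.001), ("early", 0.01), ("broad", 0.20), ("general", 1.0)]
MAX_CRASH_RATE = 0.01  # halt if more than 1% of a ring fails to boot (assumed)
MIN_REPORTS = 50       # never judge a ring on too few telemetry reports


@dataclass
class RolloutState:
    completed: list = field(default_factory=list)
    halted_at: Optional[str] = None
    reason: Optional[str] = None


def ring_health(reports):
    """Count (total, crashed) over (host, booted_ok) telemetry tuples for one ring."""
    total = crashed = 0
    for _host, booted_ok in reports:
        total += 1
        if not booted_ok:
            crashed += 1
    return total, crashed


def run_rollout(telemetry_by_ring):
    """Advance ring by ring; stop the moment a ring fails its health gate.
    telemetry_by_ring maps ring name -> list of (host, booted_ok)."""
    state = RolloutState()
    for ring, _fraction in RINGS:
        total, crashed = ring_health(telemetry_by_ring.get(ring, []))
        if total < MIN_REPORTS:  # missing telemetry is itself a stop signal
            state.halted_at, state.reason = ring, f"insufficient telemetry ({total} reports)"
            return state
        rate = crashed / total
        if rate > MAX_CRASH_RATE:
            state.halted_at, state.reason = ring, f"crash rate {rate:.1%} exceeds gate"
            return state
        state.completed.append(ring)
    return state


def sample_telemetry(early_crashes=40):
    """Constructed telemetry: canary is healthy, the early ring crash-loops."""
    ok = [(f"host{i}", True) for i in range(100)]
    early = [(f"host{i}", i >= early_crashes) for i in range(100)]
    return {"canary": ok, "early": early, "broad": ok, "general": ok}
```

With the default sample the rollout completes the canary ring and halts at "early" before the broad and general rings ever receive the update.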
This initiative by Microsoft shows the increasingly collaborative nature of endpoint security, emphasizing the need for shared strategies to mitigate vulnerabilities and advance security resilience across the ecosystem.