Microsoft plans to create a new security platform after a CrowdStrike update crashed millions of Windows PCs.
Takeaway Points:
- Microsoft intends to enhance reliability following the CrowdStrike update issue by developing a new security platform that will run outside of kernel mode.
- The CrowdStrike update catastrophe, which impacted millions of people worldwide, sparked discussion over Windows systems’ kernel access for cybersecurity companies.
- Responses from the industry are divided; some applaud Microsoft’s move, while others express concern over the ramifications for monopolies.
Microsoft announces a new security platform
Microsoft Corp. has announced plans to develop a new security platform in response to a recent global IT meltdown caused by a flawed update from CrowdStrike Holdings Inc. The Redmond, Washington-based technology giant stated on Thursday that it would “continue to design and develop” a “new platform capability” to enable security vendors to operate outside of kernel mode, the base layer of the operating system. This move is aimed at “enhanced reliability without sacrificing security,” according to Microsoft.
The announcement follows a meeting on September 10 between Microsoft and other cybersecurity companies to discuss safer deployment of updates and alternatives to kernel access. The new platform will require significant retooling by both Microsoft and external cybersecurity companies that currently use kernel access to monitor potential threats.
“Both our customers and ecosystem partners have called on Microsoft to provide additional security capabilities outside of kernel mode, which, along with safe deployment practices, can be used to create highly available security solutions,” said David Weston, vice president of enterprise and OS security at Microsoft.
The CrowdStrike Update’s Effect
The decision to develop a new security platform comes less than two months after CrowdStrike released an update that crashed millions of Windows computers, affecting airports, banks, stock exchanges, and businesses globally. The incident sparked a debate over whether cybersecurity firms should have access to the kernel level of Microsoft Windows systems due to the risks associated with such core access. CrowdStrike’s software, which operates at the kernel level, caused a Blue Screen of Death on affected systems.
The latest version of Microsoft’s Windows operating system already includes changes that allow cybersecurity companies to provide more “security capabilities” outside of kernel mode. Drew Bagley, CrowdStrike’s vice president and counsel for privacy and cyber policy, commented, “We appreciated the opportunity to join these important discussions with Microsoft and industry peers on how best to collaborate in building a more resilient and open Windows endpoint security ecosystem that strengthens security for our mutual customers.”
Industry response to this action
The cybersecurity industry has shown mixed reactions to Microsoft’s proposed changes. Some firms see operating in the base layer as essential. Eset LLC, a digital security firm, stated, “It remains imperative that kernel access remains an option for use by cybersecurity products to allow continued innovation and the ability to detect and block future cyberthreats.”
However, other industry leaders have welcomed the initiative. Joe Levy, CEO of Sophos, said, “It was a welcome opportunity to join industry peers in an open discussion of advancements that will serve our customers by elevating the resilience and robustness of both Microsoft Windows and the endpoint security ecosystem.” Kevin Simzer, chief operating officer at Trend Micro, also praised Microsoft’s efforts, stating, “I applaud Microsoft for opening its doors to continue collaborating with leading endpoint security leaders.”
Despite the support, there are concerns about the potential implications of these changes. Cloudflare CEO Matthew Prince expressed worries on X (formerly Twitter), stating, “Regulators need to be paying attention. A world where only Microsoft can provide effective endpoint security is not a more secure world.” Prince emphasized that his concern was not about Microsoft potentially locking down the Windows kernel but about the company possibly locking it down “for everyone else” while still giving its own offering “privileged access.”