What you need to know
- Microsoft wants to develop a new platform that will satisfy the needs of security vendors after the CrowdStrike fiasco.
- The tech giant hasn’t categorically indicated that it will block access to Windows in kernel mode, but endpoint security systems might have limited access at the very least.
- Security vendors have raised concerns and called for regulatory intervention and scrutiny of Microsoft’s advances in this matter.
A few months ago, a buggy CrowdStrike software update left over 8.5 million Windows devices with Blue Screen of Death (BSOD) errors for hours. And while the issue has since been resolved, Microsoft and CrowdStrike have been placed between a rock and a hard place, constantly fighting legal battles in court against affected parties seeking compensation for damages, including Delta Air Lines, which lost half a billion dollars in five days.
Microsoft categorically indicated that it’s not at fault for the outage and has implemented new measures to prevent the issue, including restricting security software like CrowdStrike’s Falcon from accessing Windows 11 at a kernel level. Still, the tech giant continues to face harsh criticism, with Delta Air Lines CEO Ed Bastian referring to it as “the most fragile platform” and potentially hinting that the company could be taking its business elsewhere. “When was the last time you heard of a big outage at Apple?” Bastian concluded.
And now, Microsoft is making even more critical changes designed to help security vendors like CrowdStrike run operations away from the Windows kernel (via The Verge). The tech giant highlighted these plans at its just-concluded security summit at its headquarters in Redmond, Washington.
Microsoft wants to develop a “controlled” platform for security vendors
The tech giant has seemingly discussed requirements and bottlenecks in developing a new platform that could satisfy the needs of security vendors. This might be part of Microsoft’s broader plans and focus on security across its products and services. As highlighted by Microsoft CEO Satya Nadella:
“Security underpins every layer of the tech stack, and it’s our No. 1 priority. We are doubling down on this very important work, putting security above all else, before all other features and investments.”
“As a next step, Microsoft will continue to design and develop this new platform capability with input and collaboration from ecosystem partners to achieve the goal of enhanced reliability without sacrificing security,” indicated David Weston, Microsoft’s VP of Enterprise and OS security.
Microsoft hasn’t categorically indicated that it’s completely blocking security vendors from accessing Windows at the kernel level. The development of the security platform is a key indicator that the company, at the very least, will limit access.
Security vendors are seemingly open to Microsoft’s new approach, including CrowdStrike’s VP of Privacy and Cyber Policy, Drew Bagley, who indicated, “We appreciated the opportunity to join these important discussions with Microsoft and industry peers on how best to collaborate in building a more resilient and open Windows endpoint security ecosystem that strengthens security for our mutual customers.”
Called it. Regulators need to be paying attention. A world where only Microsoft can provide effective endpoint security is not a more secure world. pic.twitter.com/PR2AnJwpZi (August 23, 2024)
However, some vendors have expressed concern and called for scrutiny of Microsoft’s actions. According to Cloudflare CEO Matthew Prince, “A world where only Microsoft can provide effective endpoint security is not a more secure world.”