After what many call the “worst IT outage in history,” caused by a faulty CrowdStrike update that hit 8.5 million PCs, Microsoft is considering changes to make Windows more resilient and limiting security vendors’ access to the Windows kernel.
In a recent incident report, Microsoft suggests that vendors should use kernel mode less and that customers should take full advantage of Windows’ built-in security features to avoid similar problems in the future.
The outage happened because of a bad update to CrowdStrike’s CSagent.sys driver, which led to memory access errors and constant system reboots. Microsoft’s investigation agrees with CrowdStrike’s findings, noting that kernel-mode drivers offer important system control and protection but can cause big problems if something goes wrong.
To prevent future issues, Microsoft plans to limit third-party access to the Windows kernel, which is the core part of the operating system. They already tried something similar with Windows Vista back in 2006, but it was stopped due to complaints from cybersecurity vendors and EU regulators.
Microsoft advises businesses to have strong business continuity and incident response plans, back up data regularly, restore devices quickly, follow safe update practices, and consider using cloud management solutions.
The company also plans to add advanced security features like Virtualization-Based Security (VBS) and zero-trust approaches soon.