A recent outage caused by CrowdStrike was one of the most significant IT failures ever. A faulty update in CrowdStrike’s Falcon software led to the Blue Screen of Death (BSOD) on about 8.5 million Windows PCs, disrupting critical services such as airlines, hospitals, and government agencies.
In response, Microsoft is exploring ways to move endpoint security systems out of the Windows kernel to prevent similar issues. At a recent security summit, Microsoft announced a collaboration with partners including CrowdStrike, Broadcom, Trend Micro, and Sophos to create a new platform that provides security without requiring kernel-level access. The move is intended to improve system stability, but it has also raised concerns that such a change could give Microsoft a monopoly in the cybersecurity space, sparking discussion of regulatory measures.
The Windows kernel, the operating system’s core with full access to system memory and hardware, played a key role in the CrowdStrike incident. When the faulty update was deployed, it caused massive system crashes.
Microsoft noted that many customers and partners are requesting security solutions that operate outside of kernel mode. Microsoft is also considering restricting third-party access to the Windows kernel as part of its efforts to prevent future outages.