Microsoft to move endpoint security systems out of Windows kernel
There's a certain risk of allowing security software to operate at the kernel level
2 min. read
Updated on
Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more
Key notes
- The CrowdStrike outage hit 8.5 million PCs, causing major disruptions.
- Now, Microsoft plans to move security systems out of the Windows kernel to avoid future issues.
- The company is working with partners and considering restricting third-party kernel access.
It wasn’t a while ago when the CrowdStrike outage happened. Described as the worst IT outage in history, a faulty update to CrowdStrike’s Falcon Sensor software has sent at least 8.5 million Windows PCs into Blue Screen of Death (BSOD), disrupting important businesses like airlines, government offices, hospitals, and more.
And now, in a quest to prevent such outages, Microsoft said in a recent security summit that it’d explore options to move endpoint security systems out of the Windows kernel.
The Redmond company is now working with partners like CrowdStrike, Broadcom, Sophos, and Trend Micro to design a new platform that maintains security and system resilience without relying on kernel-level access. Though, some concerns remain about potential monopolistic implications in cybersecurity and the need for regulation.
There’s a certain risk of allowing security software to operate at the kernel level. The Windows kernel is the core part of the OS with unrestricted access to system memory and hardware, which was implicated in the CrowdStrike incident.
So, when the faulty update happened, Windows went kaput.
“Both our customers and ecosystem partners have called on Microsoft to provide additional security capabilities outside of kernel mode which, along with SDP, can be used to create highly available security solutions,” Microsoft says.
Microsoft also said that it’s considering restricting third-party access to the Windows kernel, following the outage.
A while ago, another smaller outage also happened. 20,000-something users reported that the Microsoft 365 system was facing disruptions, which mostly affected Outlook.
User forum
1 messages