Microsoft to move endpoint security systems out of the Windows kernel

There's a certain risk of allowing security software to operate at the kernel level


Key notes

  • The CrowdStrike outage hit 8.5 million PCs, causing major disruptions.
  • Now, Microsoft plans to move security systems out of the Windows kernel to avoid future issues.
  • The company is working with partners and considering restricting third-party kernel access.

The CrowdStrike outage happened not long ago. Described as the worst IT outage in history, a faulty update to CrowdStrike Falcon software sent at least 8.5 million Windows PCs into a Blue Screen of Death (BSOD), disrupting important businesses like airlines, government offices, hospitals, and more.

And now, in a quest to prevent such outages, Microsoft said at a recent security summit that it would explore options to move endpoint security systems out of the Windows kernel.

The Redmond company is now working with partners like CrowdStrike, Broadcom, Sophos, and Trend Micro to design a new platform that maintains security and system resilience without relying on kernel-level access. However, some concerns remain about potential monopolistic implications in cybersecurity and the need for regulation.

There’s a certain risk of allowing security software to operate at the kernel level. The Windows kernel, the core part of the OS with unrestricted access to system memory and hardware, was implicated in the CrowdStrike incident.

So, when the faulty update happened, Windows went kaput.

“Both our customers and ecosystem partners have called on Microsoft to provide additional security capabilities outside of kernel mode which, along with SDP, can be used to create highly available security solutions,” Microsoft says.

Microsoft also said that it’s considering restricting third-party access to the Windows kernel, following the outage.

A while ago, another, smaller outage also happened: 20,000-something users reported that the Microsoft 365 system was facing disruptions, which mostly affected Outlook.
