Microsoft plans to boot security vendors out of the Windows kernel
Microsoft has announced the Windows Resiliency Initiative, aimed at avoiding a repeat of the prolonged worldwide IT outage caused by a buggy CrowdStrike update that took down millions of Windows machines and rendered them remotely unfixable.
As part of that initiative, the company has announced that its working on Quick Machine Recovery, a feature that “will enable IT administrators to execute targeted fixes from Windows Update on PCs, even when machines are unable to boot, without needing physical access to the PC.”
The feature will be available to the Windows Insider Program community in early 2025.
Windows Resiliency Initiative: Plan of action
To prevent a similar incident from happening again, Microsoft will madate that endpoint security companies that have the deepest integration into Windows:
- Conduct additional security and compatibility testing of components (e.g., drivers) with each Windows update.
- Adopt safe deployment practices such as releasing security product updates gradually, leveraging deployment rings, and monitoring the deployment of updates so that negative impact from updates is minimized as much as possible.
- Collaborate with Microsoft in developing and implementing strengthened incident response processes so they can quickly address future incidents.
“To help our customers and partners increase resilience, we are developing new Windows capabilities that will allow security product developers to build their products outside of kernel mode,” said David Weston, Vice President Enterprise and OS Security at Microsoft.
“This means security products, like anti-virus solutions, can run in user mode just as apps do. This change will help security developers provide a high level of security, easier recovery, and there will be less impact to Windows in the event of a crash or mistake. A private preview will be made available for our security product ecosystem in July 2025.”
And, like Google, Microsoft is committed to adopting safer programming languages and to “gradually moving functionality from C++ implementation to Rust.”