September 13, 2024 at 02:39PM
Microsoft is redesigning anti-malware products’ interaction with Windows kernel to prevent a repeat of the global IT outage caused by a faulty CrowdStrike update. This will involve new platform capabilities in Windows 11, focusing on security and resilience goals. Microsoft aims to enforce Safe Deployment Practices for updates to avoid future mishaps.
From the meeting notes, it is clear that Microsoft is embarking on a redesign initiative in response to the global IT outage caused by a faulty CrowdStrike update. The company plans to introduce new platform capabilities in Windows 11 that will permit security vendors to operate “outside of kernel mode,” with the goal of enhancing software reliability and resilience. This redesign aims to prevent a recurrence of the previous software update mishap and to promote Safe Deployment Practices (SDP) among EDR vendors. Microsoft’s Vice President, David Weston, emphasized the importance of gradual and staged deployment of updates, compatibility testing, incident response effectiveness, and security sensor requirements. The summit also involved discussions on performance needs and challenges of operating outside of kernel mode, anti-tampering protection, and secure-by-design goals for future platforms.