Microsoft is developing a new Windows platform for endpoint security products such as antivirus and EDR sensors, one that would let them do their monitoring without running code in the kernel. The plan was described in a recent post on the Windows Experience Blog, and it follows directly from the July 2024 CrowdStrike outage, in which a faulty update to a kernel-mode sensor took down Windows machines worldwide.
The concept for this new platform was discussed during a summit on September 10, 2024, held at Microsoft’s headquarters in Redmond, Washington. The purpose of the gathering was outlined by Microsoft, which noted, “This forum convened a diverse array of endpoint security vendors and government representatives from both the U.S. and Europe to share strategies focused on enhancing resiliency and securing critical infrastructure for our mutual clients.”
The summit produced no final decisions, but Microsoft summarized the main themes and open problems in building such a platform:
- Performance needs and challenges of running security sensors outside kernel mode
- Anti-tampering protection for security products that no longer sit in the kernel
- The set of security sensor capabilities the platform must expose (what telemetry and enforcement hooks a user-mode sensor still needs)
- Development and collaboration principles between Microsoft and its ecosystem partners
- Secure-by-design goals for the future platform
Microsoft has not said it will close the kernel to third-party security software. What it has committed to is a platform that moves as much of that work as possible out of the kernel, where a bug in a sensor or its content update crashes the whole system, into a context where a failure can be contained. This is a long-term effort aimed at reliability without weakening the security guarantees those products provide today.
At the same summit, ESET argued that security tools need to keep kernel access in order to innovate and to counter emerging threats effectively, and said it wants to keep collaborating with Microsoft on the initiative.
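The practical question this debate raises for an administrator is: which security products on my endpoints actually run in the kernel today, and so would be affected by either a faulty update or a future move to user mode? The PowerShell script below is an added example, not code from Microsoft, ESET, or the blog post; it inventories the running kernel-mode drivers on a Windows host, separates Microsoft's own drivers from third-party ones by their Authenticode signer, and then lists loaded file-system minifilters with their altitude, since antivirus and EDR sensors are usually implemented as minifilters in Microsoft's published altitude ranges (320000-329999 for anti-virus, 360000-389999 for activity monitors). The signer heuristic and the altitude classification are this example's own assumptions, noted in the comments.

```powershell
# Added example: inventory kernel-mode security code on a Windows endpoint.
# Not part of the Microsoft blog post or the summit material.
# Run elevated (fltmc and some driver paths require it) on Windows PowerShell 5.1 or PowerShell 7.

function Get-KernelDriverInventory {
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName }

    foreach ($d in $drivers) {
        # PathName comes in several forms: quoted, \??\C:\..., \SystemRoot\..., or relative.
        $path = $d.PathName -replace '^"|"$', '' -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }

        # Assumption: Windows in-box drivers carry a leaf cert whose subject begins
        # "CN=Microsoft Windows". Third-party drivers are normally signed by the vendor
        # first; a primary signature of "Microsoft Windows Hardware Compatibility
        # Publisher" is still third-party code that went through WHQL/attestation.
        $firstParty = $signer -match '^CN=Microsoft Windows(,| Publisher)'

        [pscustomobject]@{
            Name       = $d.Name
            Path       = $path
            SigStatus  = $sig.Status      # Valid / NotSigned / HashMismatch ...
            Signer     = $signer
            FirstParty = $firstParty
        }
    }
}

function Get-LoadedMinifilters {
    # Parse "fltmc filters" output: Filter Name, Num Instances, Altitude, Frame.
    # Altitude ranges are Microsoft's published load-order groups; the labels are this
    # example's own classification.
    & fltmc.exe filters 2>$null | ForEach-Object {
        if ($_ -match '^(?<name>\S+)\s+(?<inst>\d+)\s+(?<alt>\d+)') {
            $alt = [int]$Matches.alt
            $role = switch ($alt) {
                { $_ -ge 320000 -and $_ -le 329999 } { 'FSFilter Anti-Virus' }
                { $_ -ge 360000 -and $_ -le 389999 } { 'FSFilter Activity Monitor (EDR-style)' }
                default                              { 'Other' }
            }
            [pscustomobject]@{ Filter = $Matches.name; Altitude = $alt; Role = $role }
        }
    }
}

$inventory  = Get-KernelDriverInventory
$thirdParty = $inventory | Where-Object { -not $_.FirstParty }

"Running kernel drivers: $($inventory.Count); third-party: $($thirdParty.Count)"
$thirdParty | Sort-Object Signer, Name | Format-Table Name, SigStatus, Signer -AutoSize

# Caveat: NotSigned here can mean the file is catalog-signed rather than embedded-signed.
# Confirm with "signtool verify /v /a /kp <file>" before treating a driver as unsigned.
$thirdParty | Where-Object { $_.SigStatus -ne 'Valid' } |
    Format-Table Name, SigStatus, Path -AutoSize

"Loaded file-system minifilters (security sensors usually live here):"
Get-LoadedMinifilters | Where-Object { $_.Role -ne 'Other' } | Sort-Object Altitude | Format-Table -AutoSize
```

The third-party list is the set of code that a single bad update can turn into a boot-time crash across the fleet; the minifilter list shows which of those drivers sit in the file-system I/O path that antivirus and EDR products depend on. Comparing the two against the vendor's own documentation tells you how much of a product's functionality is kernel-resident today, which is the same question Microsoft and its partners are working through for the new platform.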
Microsoft also repeated some general resilience advice for customers: keep secure, tested backups, and maintain business continuity and incident response plans that cover a mass endpoint outage. The CrowdStrike incident showed why: it crashed roughly 8.5 million Windows PCs and servers across many sectors, with airlines among the hardest hit.