Microsoft wants to overhaul Windows security to never experience a Crowdstrike bug again


Two months after the famous Crowdstrike bug that caused the breakdown of more than 8.5 million Windows PCs worldwide, Microsoft has just presented its plan to avoid experiencing this situation again. The idea? Modify the privileges granted to security providers by prohibiting them from accessing the OS kernel.


Remember: on July 19, 2024, without warning, more than 8.5 million Windows PCs mysteriously crashed around the world. This bug of unprecedented magnitude paralyzed many television channels, airports, train stations, supermarkets, and a multitude of businesses.

The culprit was identified very quickly: Crowdstrike, an antivirus software provider and long-time partner of the Redmond firm. Specifically, the outage was caused by a simple faulty EDR update (editor’s note: a software technology for detecting computer security threats) from the American company.

But how could a small error that slipped into an update trigger such chaos? Quite simply because some IT security providers like Crowdstrike have direct access to the Windows kernel.

Microsoft wants to remove kernel access from security vendors

For years now, Microsoft had been in the habit of allowing these companies to intervene all the way down to the kernel of the OS, in particular to guarantee high-level protection. However, the Crowdstrike incident has reshuffled the cards.

At a summit on computer security organized by Microsoft on September 10, 2024, the American giant unveiled its plan to avoid reliving such a situation. To summarize, the Redmond firm simply wants to remove access to the Windows kernel from cybersecurity vendors.


In an official press release, Microsoft explains that it has “discussed the requirements for creating a new platform capable of meeting the needs of security vendors.” Crowdstrike was obviously part of the round table, alongside Broadcom, Sophos and Trend Micro.

“We appreciated the opportunity to join these important discussions with Microsoft and the industry on how best to collaborate to create a more resilient and open Windows endpoint security ecosystem,” said Drew Bagley, Crowdstrike’s vice president of cyber policy. For now, negotiations are ongoing and it’s hard to know what to expect from this new platform.

Source: TechRadar
