Microsoft Unveils New Windows Security Update Strategy

13 September 2024 | Paikan Begzad

Summary

Microsoft is taking steps to enhance the security and stability of Windows systems following the CrowdStrike-related outage that caused global crashes on many Windows devices. While CrowdStrike has already explained the cause, and Microsoft released its own findings, the incident raised questions about the level of kernel access granted to security products.

This topic was discussed during the Windows Endpoint Security Ecosystem Summit held on September 10, where Microsoft, government officials, and cybersecurity companies gathered. The discussion focused on whether limiting kernel-level access for security products could prevent similar system crashes in the future. Apple restricts kernel access for security reasons, and Microsoft may consider reducing kernel privileges as well to improve overall system stability.

David Weston, VP of Enterprise and OS Security at Microsoft, emphasized the importance of information sharing to improve the resiliency of the Windows ecosystem. The summit covered best practices for safely deploying updates, including gradual, staged rollouts to minimize risk.

Microsoft also discussed upcoming changes to Windows, including new security capabilities in Windows 11 that will allow solution providers to operate outside of kernel mode. This aims to provide more reliable security solutions without compromising safety. Microsoft plans to collaborate with its partners to refine these changes.

While vendors like ESET support these modifications, they stress that kernel access should remain available so that security products can continue detecting and blocking advanced cyber threats. Experts agree that proper testing and controlled update rollouts are key to preventing incidents like the CrowdStrike outage in the future.