Security News > 2024 > July > Post-CrowdStrike, Microsoft to discourage use of kernel drivers by security tools
Microsoft has admitted that its estimate of 8.5 million machines crashed by CrowdStrike's faulty software update was almost certainly too low, and vowed to reduce infosec vendors' reliance on the kernel drivers at the heart of the issue.
Redmond posted an incident response blog on Saturday - titled "Windows Security best practices for integrating and managing security tools" - in which veep for enterprise and OS security David Weston explained how Microsoft measured the impact of the incident: by accessing crash reports shared by customers.
Weston also reminded readers that Redmond runs an industry forum called the Microsoft Virus Initiative in which security vendors and the OS giant work together to "Define reliable extension points and platform improvements, as well as share information about how to best protect our customers."
The Microsoft veep listed the many security-related enhancements Microsoft has made over the years, and revealed the software megalith now plans "To work with the anti-malware ecosystem to take advantage of these integrated features to modernize their approach, helping to support and even increase security along with reliability."
Providing safe rollout guidance, best practices, and technologies to make it safer to perform updates to security products; Reducing the need for kernel drivers to access important security data; Providing enhanced isolation and anti-tampering capabilities with technologies like recently announced VBS enclaves; Enabling zero trust approaches like high integrity attestation which provides a method to determine the security state of the machine based on the health of Windows native security features.
Microsoft and Windows have a long and inglorious history of security snafus.
News URL
Related news
- Post-CrowdStrike, Microsoft to discourage use of kernel drivers by security tools (source)
- EU gave CrowdStrike the keys to the Windows kernel, claims Microsoft (source)
- Microsoft shows venerable and vulnerable NTLM security protocol the door (source)
- Microsoft delays Windows Recall amid privacy and security concerns (source)
- Microsoft Delays AI-Powered Recall Feature for Copilot+ PCs Amid Security Concerns (source)
- Microsoft delays Windows Recall rollout, more security testing needed (source)
- Microsoft answered Congress' questions on security. Now the White House needs to act (source)
- Microsoft: New Outlook security changes coming to personal accounts (source)
- Microsoft hits snooze again on security certificate renewal (source)
- Microsoft confirms CrowdStrike update also hit Windows 365 PCs (source)