Microsoft Vows to Prevent Future CrowdStrike-Like Outages

Microsoft has announced plans to provide new security capabilities designed to prevent IT outages like the CrowdStrike incident in July.

The developments will build on security investments Microsoft has made in Windows 11, enabling more security capabilities for solution providers outside of kernel mode.

The tech giant acknowledged that its customers and ecosystem partners want it to provide these additional capabilities to ensure they can continue to operate during future events.

The CrowdStrike global IT outage on July 19 was caused by a defect in an update to the security vendor’s Falcon Sensor product, which prevented Windows operating systems from booting correctly.

This caused disruption to critical sectors such as airlines, banks, healthcare and media.

The fault in Falcon Sensor took down the entire Windows system, along with all other non-CrowdStrike software on it, because Falcon Sensor has access to the system’s kernel. A kernel is the main interface between the software running on a computer and its hardware.

Microsoft will now look to incorporate the following areas into the development of its new security capabilities:

  • Performance needs and challenges outside of kernel mode
  • Anti-tampering protection for security products
  • Security sensor requirements
  • Development and collaboration principles between Microsoft and the ecosystem
  • Secure-by-design goals

“As a next step, Microsoft will continue to design and develop this new platform capability with input and collaboration from ecosystem partners to achieve the goal of enhanced reliability without sacrificing security,” the company said.

Microsoft Hosts Security Summit

The announcement follows a security summit hosted by Microsoft on September 10 to discuss strategies for improving resiliency and protecting critical infrastructure.

The event was attended by various endpoint security vendors, including CrowdStrike, ESET, SentinelOne and Sophos, and by government officials from the US and Europe.

Microsoft said a consensus was reached that there need to be more options for Windows and choices in security products.

Alongside discussions about the development of additional security capabilities outside of kernel mode, the summit participants discussed short-term opportunities to support the safety and resiliency of their mutual customers.

This includes how to deploy Safe Deployment Practices (SDP) at Microsoft and how to create shared best practices as a community.
