Microsoft has outlined a strategy to protect Windows against future incidents like the CrowdStrike outage. The company published a set of steps to take in response to such incidents, together with the adjustments it considers necessary in the operating system itself. The mass crash has led Microsoft to conclude that Windows needs structural changes to prevent a repeat.
In a post on the Windows IT Pro Blog, Microsoft framed the CrowdStrike outage as a wake-up call. “This incident clearly shows that Windows must prioritize change and innovation in the area of end-to-end resiliency,” said John Cable, Vice President of Program Management for Windows Servicing and Delivery.
The company is offering a first look at the changes it is considering. The central issue is protecting the kernel so that a single faulty component cannot take the whole system down. Microsoft cannot fully close the kernel to third parties, but it does have virtualization-based alternatives, such as VBS (Virtualization-Based Security) enclaves.
VBS enclaves are isolated execution environments whose memory is protected by the hypervisor, so code that needs to be tamper-resistant no longer has to be written as a kernel-mode driver. They are part of virtualization-based security, the Windows feature that uses hardware virtualization to isolate high-value secrets, such as credentials, from the rest of the operating system, including the kernel.
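Before any vendor can build on VBS enclaves, the platform feature itself has to be running on the endpoint. The following PowerShell snippet is an added example (not from the article or from Microsoft's post) that reads the Win32_DeviceGuard CIM class to report whether VBS is running and which virtualization-backed services (Credential Guard, HVCI) are active; the service-ID labels in the hash table are taken from Microsoft's documented values, and anything outside that table is reported by number.

```powershell
# Added example: query Device Guard state to see whether VBS is running on this
# machine and which virtualization-backed services are active.
# Run from an elevated PowerShell prompt on Windows 10/11 or Windows Server 2016+.

$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName 'Win32_DeviceGuard'

# VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
$vbsState = switch ([int]$dg.VirtualizationBasedSecurityStatus) {
    0       { 'Not enabled' }
    1       { 'Enabled, not running' }
    2       { 'Running' }
    default { "Unknown ($_)" }
}

# Documented service IDs reported in SecurityServicesRunning / SecurityServicesConfigured.
# IDs not in this table (newer services) are shown as "Service <id>".
$serviceNames = @{
    1 = 'Credential Guard'
    2 = 'HVCI (memory integrity)'
    3 = 'System Guard Secure Launch'
    4 = 'SMM Firmware Measurement'
}

function Resolve-ServiceIds {
    param([uint32[]]$Ids)
    foreach ($id in $Ids) {
        if ($serviceNames.ContainsKey([int]$id)) { $serviceNames[[int]$id] } else { "Service $id" }
    }
}

[pscustomobject]@{
    VbsStatus           = $vbsState
    ServicesRunning     = ((Resolve-ServiceIds $dg.SecurityServicesRunning) -join ', ')
    ServicesConfigured  = ((Resolve-ServiceIds $dg.SecurityServicesConfigured) -join ', ')
    RequiredProperties  = ($dg.RequiredSecurityProperties -join ', ')
    AvailableProperties = ($dg.AvailableSecurityProperties -join ', ')
}
```

A status of "Enabled, not running" usually means the policy is set but a hardware prerequisite (UEFI, Secure Boot, IOMMU or CPU virtualization extensions) is missing; RequiredProperties against AvailableProperties shows which. Note that VBS running does not, by itself, stop a third-party kernel driver from crashing the machine; it is the foundation on which drivers could be moved out of the kernel.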
Another building block Cable points to is Microsoft Azure Attestation, a service that remotely attests to the security posture of a machine's boot path and the binaries it loaded. Cable describes these approaches as key to encouraging development practices that do not rely on kernel access. Attestation verifies that a machine booted into a trusted state; on its own it does not stop a faulty kernel driver from crashing the system, which is why it is paired with moving vendor code out of the kernel.
Microsoft’s Regulatory Constraints
The CrowdStrike outage did significant damage to Microsoft’s reputation: airlines, businesses and end users widely referred to it as “the Windows crash.” The defect was not in Windows itself, but the security software that carried it runs at the kernel level, so its failure took the operating system down with it.
The incident could have been contained if Microsoft were free to lock third-party code out of the kernel, as Apple and Google do on their platforms. Microsoft, however, is bound by a 2009 agreement with the European Commission that guarantees security vendors the same level of access to Windows APIs that Microsoft’s own products get.
CrowdStrike’s Falcon sensor runs as a kernel-mode device driver, with unrestricted access to the whole operating system. At that privilege level there is no isolation to fall back on: a single malformed content file, like the one pushed in the faulty update, was enough to crash every machine that loaded it and cause worldwide disruption.
Since the incident, Microsoft has criticized the European Commission, arguing that the 2009 agreement limited what it could do to contain the outage. Some observers expect the company to use the episode as evidence for revisiting the interoperability commitments. Whether that would make Windows safer is contested: the agreement, now more than a decade old, leaves the door open to another CrowdStrike-style failure, but removing it would also hand Microsoft an advantage over competing security vendors.