

Ethical Hacking News

Microsoft Unveils New Windows Resiliency Initiative to Mitigate Future Security Incidents


Microsoft has unveiled a new Windows Resiliency Initiative aimed at improving the operating system's security and reliability in response to a recent high-profile incident involving CrowdStrike. The initiative includes several key features, including Quick Machine Recovery, enhanced deployment practices from security vendors, and improved resiliency measures within Windows itself.

  • Microsoft has announced a new initiative to improve the security and reliability of Windows following a catastrophic incident involving CrowdStrike that compromised 8.5 million Windows PCs and servers.
  • The company is developing a framework, which security vendors will be incentivized to adopt, that enables antivirus scanning outside of the kernel space, reducing the risk of similar incidents in the future.
  • Microsoft has gathered feedback from customers and security vendors on better recovery tools, deployment practices, and resiliency measures to prevent similar incidents.
  • A new Quick Machine Recovery feature will enable IT administrators to target fixes at machines remotely, even when they are unable to boot properly.
  • Microsoft is requiring partners in the Microsoft Virus Initiative to adhere to specific guidelines for enhanced security and reliability.



    Microsoft has recently announced a new initiative aimed at improving the security and reliability of its Windows operating system, following a catastrophic incident involving CrowdStrike that left 8.5 million Windows PCs and servers compromised in July. The company's goal is to implement a framework that will enable antivirus scanning outside of the kernel space, thereby reducing the risk of similar incidents occurring in the future.

    According to David Weston, vice president of enterprise and OS security at Microsoft, the company has been actively engaging with its customers since the CrowdStrike incident, gathering feedback on their concerns regarding better recovery tools, improved deployment practices from security vendors, and enhanced resiliency from Windows itself. The vast majority of these customers have emphasized the need for more robust measures to be taken to prevent such incidents in the future.

    In response to these concerns, Microsoft has developed a new Quick Machine Recovery feature that will enable IT administrators to target fixes at machines remotely, even when they are unable to boot properly. This feature leverages improvements to the Windows Recovery Environment (Windows RE), allowing administrators to push updates from Windows Update directly into the recovery environment and execute a "delete this file for everyone" command. Weston explains that this feature provides Microsoft with the ability to implement centralized fixes across multiple machines, effectively streamlining the recovery process.

    Furthermore, Microsoft has been working closely with its partners within the Microsoft Virus Initiative (MVI) to improve security and reliability in Windows PCs and servers. The company is now requiring these partners to adhere to specific guidelines, including enhanced testing and response processes, as well as safe deployment practices that involve gradual rollouts and monitoring and recovery procedures. These steps are aimed at reducing the likelihood of similar incidents occurring in the future.

    In an effort to further enhance security, Microsoft has also been exploring the possibility of enabling antivirus scanning outside of the kernel space. CrowdStrike's software operates at the kernel level of Windows, which granted it unrestricted access to system memory and hardware; because a fault in kernel-mode code takes down the whole system rather than a single process, the result was a Blue Screen of Death as soon as affected systems began to boot. To address this challenge, Microsoft is now developing a new framework that security vendors will be incentivized to use.

    "We're developing a framework that [security vendors] want to use and they're incentivized to use, now it has to be good enough to fill their use case," Weston remarks. The development of this new framework represents a significant technical challenge for Microsoft, as it seeks to centralize the scanning process while meeting the requirements of various security vendors. However, the company is confident in its ability to overcome these hurdles, citing the expertise of its employees across endpoint detection and kernel space.

    At Microsoft's Windows Endpoint Security Ecosystem Summit in September, kernel architects from the Windows team engaged directly with security vendors such as CrowdStrike on the prospect of moving scanning outside of the kernel. These discussions aim to facilitate a mutually beneficial arrangement that will enhance the security posture of both Microsoft and its partners.

    Ultimately, the success of this new initiative will depend on the level of cooperation between Microsoft and its customers, including security vendors like CrowdStrike. By implementing a framework that allows for antivirus scanning outside of the kernel space, Microsoft is taking a proactive step towards mitigating future security incidents. The company's commitment to improving the resiliency and reliability of Windows represents an important shift in its approach to addressing customer concerns.

    As Weston notes, "We sort of control physics here. We can change the memory manager or the driver framework, and we don’t have to abide by the rules that a third-party developer would." This statement highlights Microsoft's ability to exert significant influence over the inner workings of Windows, thereby enabling it to develop solutions tailored to its customers' needs.

    The implementation of this new initiative marks an important milestone in Microsoft's efforts to enhance the security and reliability of Windows. By taking proactive steps towards addressing concerns raised by its customers, the company is demonstrating its commitment to providing a secure and dependable platform for users around the world.



    Related Information:

  • https://www.theverge.com/2024/11/19/24299873/microsoft-windows-resiliency-initiative-crowdstrike-incident


  • Published: Tue Nov 19 08:33:37 2024 by llama3.2 3B Q4_K_M
