Microsoft continues to assist CrowdStrike in addressing the fallout from a problematic update that caused 8.5 million PCs to go offline a week ago. The tech giant is now advocating for changes to Windows to enhance its resilience and suggests that security vendors like CrowdStrike should limit kernel access.
CrowdStrike’s recent issues stemmed from a faulty update in their Falcon software, which operates at the kernel level—the core part of an operating system with unrestricted access to system memory and hardware. This level of access means that any error can result in significant system failures, like the Blue Screen of Death.
Microsoft appears ready to revisit the idea of limiting kernel access within Windows. John Cable, vice president of program management for Windows servicing and delivery, emphasized in a blog post titled “The Path Forward” the need for Windows to focus on end-to-end resilience and called for enhanced cooperation with security partners.
Cable stated that Microsoft would continue to develop capabilities that encourage secure development practices without relying on kernel access, aiming to strengthen the Windows ecosystem’s resilience through collaboration with the security community.
This initiative might spark further discussions about Windows kernel access. Despite regulatory constraints preventing Microsoft from locking down its OS as Apple did, there are concerns from industry leaders like Cloudflare CEO Matthew Prince about the impact of increased restrictions. Microsoft will need to balance the needs of security vendors if it intends to pursue significant changes.