Microsoft Convenes Cybersecurity Summit Following Global IT Disruption

09/13/24

Microsoft is planning updates to Windows that will enable CrowdStrike and other security vendors to operate outside the kernel. Though the industry agrees the CrowdStrike-caused outage was not Microsoft’s fault, it has sparked discussion of whether security products should have kernel-level access at all.

This topic was a focal point at the Windows Endpoint Security Ecosystem Summit on September 10, involving Microsoft, government officials, and cybersecurity firms. The conference marked the first significant step by Microsoft to address the issues that affected nearly 8.5 million Windows devices on July 19, disrupting operations across industries ranging from major airlines to banks and healthcare.

A kernel is the main interface between the software running on a computer and its hardware. Running in the kernel makes security products more effective, because they can observe and intercept activity at that deep level, but it also carries risk: a fault in kernel-mode code can bring down the whole system rather than a single application. Unlike Microsoft, Apple restricts this level of access to mitigate such risks.

Reducing kernel access could prevent a faulty security product update, like the one from CrowdStrike, from causing system-wide crashes. The summit gathered Microsoft representatives, government officials, and partners in the Microsoft Virus Initiative to address these issues. Attendees emphasized the importance of sharing information to manage updates and handle disruptions effectively, as noted by David Weston, Microsoft’s VP of Enterprise and OS Security.

Key topics included Microsoft’s Safe Deployment Practices and community discussion of best practices, including data sharing and documented processes. “A gradual and staged deployment of updates is crucial,” Weston stated, highlighting a practice recently adopted by CrowdStrike.

The summit also considered new platform capabilities for Windows, such as Windows 11’s enhanced security features, which allow security solutions to run outside of kernel mode. Ecosystem partners support expanding security capabilities beyond the kernel level for increased reliability. “As a next step, Microsoft will continue to design and develop this new platform capability with input and collaboration from ecosystem partners to achieve the goal of enhanced reliability without sacrificing security,” says Weston.

Microsoft is looking to collaborate with partners on designing these new capabilities, aiming for enhanced reliability without sacrificing security. Weston also stressed the need for robust business.

Security vendors such as ESET back Microsoft’s initiatives, advocating for ecosystem changes that bolster stability without compromising performance or security. However, ESET insists that kernel access should remain an option to foster innovation and threat detection.

Sean Wright, head of application security at Featurespace, welcomes the summit and the ideas shared, but believes vendor accountability remains key. He underscores the need for proper testing and staggered rollouts, pointing to the deficiencies in CrowdStrike’s July update.

Despite the rarity of such incidents, with only one major occurrence over many years, the CrowdStrike issue highlights the importance of responsible kernel access, Wright emphasized. He also notes a similar incident involving CrowdStrike on Linux, reinforcing the need for careful consideration.

Microsoft will continue to design and develop this new platform capability with input and collaboration from ecosystem partners, aiming for enhanced reliability without sacrificing security. The world will be watching to see what Microsoft does.
