Microsoft is continuing to help CrowdStrike recover from a major outage last week, when a bug in a security software update disrupted 8.5 million computers worldwide. But the software giant is calling for change, hinting that Windows stability is a priority and that developers should limit the privileges of their cybersecurity solutions to avoid similar incidents in the future.
CrowdStrike blames the incident on a bug in the software it uses to test updates before they are widely distributed. However, the company’s Falcon security software runs at the Windows kernel level, the core part of the operating system that has unlimited access to system memory and hardware. Because of this, failures in such software can crash Windows and produce blue screens of death (BSODs).
The Falcon app uses a special driver that allows it to operate at the Windows kernel level and detect threats in the system. Microsoft tried to restrict third-party apps’ access to the Windows kernel in 2006, but faced resistance from cybersecurity vendors and EU regulators. Apple, however, was able to close access to the macOS kernel for third-party developers in 2020.
The recent incident appears to have prompted Microsoft to reopen the conversation about potentially shutting down access to the Windows kernel. “This incident has made it clear that Windows must prioritize change and innovation in the area of resilience,” a Microsoft spokesperson said in a statement. He also noted that Microsoft is encouraging partners to work more closely together to improve security and make Windows more stable.
While Microsoft hasn’t said what specific improvements it will make to Windows following the CrowdStrike incident, they likely involve restricting access to the operating system’s kernel for third-party developers, including cybersecurity vendors. The company can’t simply shut off that access because of regulators, but it’s possible that Microsoft plans to do so eventually.