Microsoft is planning a major security overhaul after CrowdStrike Fiasco that lost billions


The financial toll of the CrowdStrike incident is estimated to be in the billions. The outage drew sharp criticism from regulators and business leaders, who are still scrutinising the level of access that third-party software vendors have to the core, or kernel, of Windows operating systems.


[Image caption: Microsoft is also considering adopting a model similar to the open-source Linux operating system, which uses a filtering mechanism to create a segregated environment within the kernel. Image Credit: Reuters]

In response to a recent global IT outage that caused significant disruptions, Microsoft is taking decisive steps to enhance the security and resilience of its Windows operating system.

The outage, triggered by a flawed update from cybersecurity firm CrowdStrike, resulted in millions of PCs and servers crashing worldwide, prompting Microsoft to rethink its security procedures.

The company is now intensifying efforts to make Windows more resistant to such incidents and is in active discussions with its partners about adapting security protocols to prevent similar issues in the future.

CrowdStrike fiasco’s impact
On July 19, a faulty software update from CrowdStrike caused the crash of approximately 8.5 million Windows devices, leading to widespread disruptions, including grounded flights and missed hospital appointments.

The financial toll of this incident is estimated to be in the billions. This event has drawn sharp criticism from regulators and business leaders, who are scrutinizing the level of access that third-party software vendors have to the core, or kernel, of Windows operating systems.

The kernel is a critical part of an operating system, and any bugs within it can lead to catastrophic failures, such as the infamous “blue screens of death” that appeared globally during the CrowdStrike incident.

Critics argue that the failure to address these vulnerabilities sooner reflects shortcomings in how Windows handles third-party security software. As a result, Microsoft is now under pressure to implement changes that would better protect its systems from similar errors in the future.

Proposed changes
Microsoft is considering several options to enhance system stability, including potentially blocking third-party access to the Windows kernel altogether. This move, while it could prevent similar outages, is controversial.

Competitors fear that such a change could give Microsoft’s own security product, Microsoft Defender, an unfair advantage over other cybersecurity tools. There is concern within the industry that this shift would not only limit the effectiveness of third-party security software but also disrupt the compatibility with other software that has made Windows popular among business customers.

In response to these concerns, Microsoft is exploring alternative solutions. One possibility is to demand stricter testing procedures from cybersecurity vendors before their software can interact with Windows.

Another option could involve adopting a model similar to that of Apple, which restricts all third-party access to the kernel in its macOS, forcing external software to operate in a more limited “user mode.”

However, Microsoft has previously refrained from this approach, partly due to a 2009 agreement with the European Commission that required the company to provide third parties with the same access to its systems as its own security tools.

Industry experts have noted that while blocking kernel access could enhance system security, it would also create significant trade-offs. Security vendors argue that operating within the kernel allows them to gather more information about potential threats and deploy defensive measures more effectively.

Limiting their access could make their products less effective against sophisticated cyberattacks.

Going open-source
Microsoft is also considering adopting a model similar to the open-source Linux operating system, which uses a filtering mechanism to create a segregated environment within the kernel. This approach could allow software, including cybersecurity tools, to run safely without compromising system stability.

However, implementing such changes would be complex and could be difficult for regulators to oversee, leading to concerns that Microsoft might favour its own products in the process.

Microsoft’s upcoming summit, scheduled for September 10 at its headquarters near Seattle, will bring together government representatives and cybersecurity companies, including CrowdStrike, to discuss steps for improving security and resilience in the wake of the recent incident.

This gathering marks an important moment in the ongoing efforts to strengthen Windows’ defenses against future threats and ensure that the platform remains robust and reliable for users worldwide. As Microsoft navigates these challenges, the decisions it makes could have far-reaching implications for the cybersecurity industry and the broader tech landscape.
