Microsoft has announced plans to overhaul Windows security, allowing vendors like CrowdStrike to operate outside the core Windows kernel.

The decision follows a major security summit at Microsoft’s headquarters in Redmond, Washington, where changes were discussed in response to the July CrowdStrike incident that impacted 8.5 million Windows PCs and servers.

The problem stemmed from CrowdStrike’s security software, which operates at the kernel level—the most critical part of an operating system, with unrestricted access to system memory and hardware. A faulty update to CrowdStrike’s software triggered widespread Blue Screen of Death errors, crashing affected systems. This event intensified discussions about the risks of allowing third-party security tools to have such deep access to the kernel.

Since the incident, Microsoft has been considering changes to enhance system resilience and has suggested moving security vendors out of kernel mode to avoid similar disasters. However, making this shift has been a delicate process, as both partners and regulators have expressed concerns about unilateral changes.

Microsoft has now formally engaged with partners like CrowdStrike, Broadcom, Sophos, and Trend Micro to outline the requirements for a new security platform. David Weston, Microsoft’s vice president of enterprise and OS security, said the company has discussed with partners how to meet performance needs while offering anti-tampering protection and ensuring security products can operate effectively without kernel access. The goal is to create a more resilient security framework without compromising security.