Microsoft to host CrowdStrike and others to discuss Windows security changes

Posted by
toonsbymoonlight

Microsoft is hosting an important summit on Windows security at its Redmond, Washington, headquarters next month. The Windows Endpoint Security Ecosystem Summit on September 10th will bring together Microsoft engineers and vendors like CrowdStrike to discuss improvements to Windows security and third-party best practices to try and prevent another CrowdStrike incident.

“Microsoft, CrowdStrike and key partners who deliver endpoint security technologies will come together for discussions about improving resiliency and protecting mutual customers’ critical infrastructure,” says Aidan Marcuss, corporate vice president of Microsoft Windows and devices. “Our objective is to discuss concrete steps we will all take to improve security and resiliency for our joint customers.”

The buggy CrowdStrike update that forced 8.5 million Windows devices offline last month has triggered broader discussions about how such an incident can be avoided in the future. Microsoft has already called for changes to Windows to improve resiliency and has dropped some subtle hints about moving security vendors out of the Windows kernel.

CrowdStrike’s software runs at the kernel level — the core part of an operating system that has unrestricted access to system memory and hardware. That enabled the faulty update to cause a Blue Screen of Death at startup on affected machines last month, thanks to CrowdStrike’s special driver that allows it to run at a lower level than most apps so it can detect threats across a Windows system.

While Microsoft doesn’t directly mention Windows kernel access in its blog post announcing its Windows security summit, it’s bound to be a big part of the discussions next month. “The CrowdStrike outage in July 2024 presents important lessons for us to apply as an ecosystem,” says Marcuss. “Our discussions will focus on improving security and safe deployment practices, designing systems for resiliency and working together as a thriving community of partners to best serve customers now, and in the future.”

Microsoft tried to close off access to the Windows kernel in Windows Vista in 2006, but it was met with pushback from cybersecurity vendors and regulators. This time, Microsoft is inviting government representatives to its security summit “to ensure the highest level of transparency to the community’s collaboration to deliver more secure and reliable technology for all.”

Microsoft’s security summit won’t only focus on the Windows kernel access question, simply because improving resiliency and security for Windows goes far beyond just a single issue. The summit will include technical sessions to discuss safe deployment practices, improvements to the Windows platform and API sets, and using more memory-safe programming languages like Rust.

The summit comes right in the middle of Microsoft’s own broader security overhaul, following years of security issues and criticisms. Microsoft employees are now being judged directly on their security work, so engineers are understandably keen to engage more closely with vendors like CrowdStrike.

There is bound to be pushback from security vendors at the prospect of being kicked out of the Windows kernel, though. On one side, third-party developers want to develop innovative security solutions for Windows that require deep access, and on the flip side, Microsoft doesn’t want its entire operating system being brought down by a faulty update it has no control over.

Security vendors also often fear that any changes Microsoft makes to Windows will benefit or prioritize its own Defender security products that it sells to businesses. Microsoft has a complicated and unique relationship with security vendors because it builds the Windows platform for them and then competes for paid security customers.

By calling for a summit, Microsoft is clearly hoping to ease some of those tensions and generate short- and long-term actions for everyone involved in improving security and resiliency for Windows. The software giant is planning to share updates on the conversations after the event, and hopefully, there’s a strong consensus on what steps to take to avoid this type of devastating outage again.