Microsoft aims to develop a specialized platform within the Windows operating system for antivirus monitoring that would keep security products from accessing the kernel, as detailed in a recent post on the Windows Experience blog. The initiative is driven by the need to avoid incidents like the CrowdStrike outage that occurred in July.
During a summit at Microsoft’s headquarters in Redmond, Washington, on September 10, 2024, the company introduced the concept of the new platform. The summit brought together endpoint security vendors and government officials to enhance resiliency and protect critical infrastructure for their customers.
While Microsoft did not make any final decisions at the summit, it shared key ideas and themes, discussing performance challenges, anti-tampering protection, security sensor requirements, developer collaboration, and secure-by-design goals for the new platform.
Although Microsoft has not confirmed plans to block kernel access, it is working towards moving security products such as CrowdStrike's out of the kernel, prioritizing improved reliability without sacrificing security in the long term.
At the summit, ESET, an antivirus provider, emphasized the importance of maintaining kernel access for cybersecurity innovation and threat detection. They also provided safety tips for customers, including secure data backups and preparedness for major incidents.
The catastrophic CrowdStrike incident crashed 8.5 million Windows PCs and servers, with airlines among the most heavily affected. Customers are advised to take precautions to limit the impact of similar incidents in the future.