Microsoft wants to make future CrowdStrike outages impossible, and it could mean big changes for security software

Microsoft appears to want to shift away from security software having kernel access on Windows 11, though the company hasn’t said that outright.


What you need to know

The recent CrowdStrike outage caused 8.5 million PCs to crash, affected millions of people, and potentially cost businesses billions of dollars. Referred to by many as the “digital pandemic,” the outage has drawn responses from CrowdStrike, Microsoft, and security experts. The outage was caused by a CrowdStrike bug, and Microsoft is looking into options that could make similar outages impossible in the future.

“The recent CrowdStrike incident underscores the need for mission-critical resiliency within every organization, and our unique ability to support the change required,” said Microsoft’s John Cable, vice president of program management for Windows servicing and delivery.

CrowdStrike, and some other pieces of security software, run at the kernel level on Windows 11. That setup gives security tools like CrowdStrike access to a PC’s memory and parts of the operating system usually closed off to other applications. Kernel access lets a piece of software monitor a system, but it also means that a faulty driver in something like CrowdStrike can cause a PC to crash.

Cable explained that the recent CrowdStrike outage “shows clearly that Windows must prioritize change and innovation in the area of end-to-end resilience.” While Cable did not specifically say that Microsoft will shift security software away from having kernel access, the examples he shared are for security methods that do not require accessing the Windows kernel.

VBS enclaves, which Cable highlighted, do not require kernel access. The Microsoft Azure Attestation service is another security measure that could protect systems without exposing a PC to the same risks presented by an app having kernel access.

“These examples use modern Zero Trust approaches and show what can be done to encourage development practices that do not rely on kernel access,” said Cable. “We will continue to develop these capabilities, harden our platform, and do even more to improve the resiliency of the Windows ecosystem, working openly and collaboratively with the broad security community.”

If Microsoft moved away from allowing security apps to have kernel access, a buggy update from CrowdStrike or another app would not be able to cause PCs to crash. Other types of attacks would still be possible, of course, as cybersecurity is incredibly complex, but the specific type of issue that caused the CrowdStrike outage would not be possible.


What was the CrowdStrike outage?


The CrowdStrike outage was an incident that saw 8.5 million PCs crash and show the “Blue Screen of Death” (BSoD). The situation caused planes to be grounded, banks to be affected, and emergency services to go down. It was one of the largest outages of its kind to ever occur, and it will likely have serious ramifications across several sectors.

The outage was caused by a buggy driver update sent out by CrowdStrike, but the issue only affected PCs running Windows. Because of that fact, some called the incident the “Microsoft outage.” While Microsoft was not directly at fault for the issue, systems running the tech giant’s operating system were the ones to crash, so Microsoft has had to look at solutions.

Microsoft released a CrowdStrike recovery tool, which has since been updated to support multiple recovery methods.

Several memes were made about the CrowdStrike outage, and there were people who enjoyed a surprise day off, but the situation was quite serious. There’s a good chance that billions of people were affected by the outage, at least indirectly. Businesses have also lost money due to services being down.

Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He’s covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean’s journey began with the Lumia 740, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_.