
Microsoft considers surprising change to prevent future outages

The Blue Screen of Death seen on a laptop.
Maxim Tolchinskiy / Unsplash

The massive IT outage from last weekend was a bad look not only for CrowdStrike but for Microsoft too. To avoid future large-scale issues, Microsoft is evaluating blocking third-party security software from accessing the Windows kernel, according to a blog post by John Cable, VP of program management for Windows servicing and delivery.

If this change were put in place, the restriction would resemble Apple’s 2020 move, which restricted third-party software’s access to its core operating system. The change was introduced in macOS Big Sur, ensuring that every system partition (or volume) containing the core operating system is cryptographically verified, down to every last file. The goal, of course, is to prevent changes by third parties that could melt down the whole system. Sound familiar?
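To make the "verified down to every last file" idea concrete, here is a small added example (written for this article; it is not Apple’s or Microsoft’s code) that models a sealed system volume: every file under a directory is hashed, the hashes are sealed under a single root hash, and a later verification reports any file that was modified, removed, or added. The function names, the manifest layout and the two-file sample tree are constructed for illustration. A real signed system volume goes further by having the root hash signed by the OS vendor and checked during boot, which this toy omits.

```python
"""Sealed-manifest integrity check: a toy model of a cryptographically
verified system volume (added example; not Apple's or Microsoft's code)."""
from __future__ import annotations

import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _seal(files: dict[str, str]) -> str:
    """Root hash over a canonical (sorted, compact JSON) encoding of the file table."""
    canonical = json.dumps(files, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def build_manifest(root: Path) -> dict:
    """Hash every regular file under root (POSIX-style relative paths) and seal the table."""
    files = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            files[p.relative_to(root).as_posix()] = hash_file(p)
    return {"files": files, "root": _seal(files)}


def verify_volume(root: Path, manifest: dict) -> list[str]:
    """Return a sorted list of violations; an empty list means the tree matches the manifest."""
    # 1. The manifest must be internally consistent (the seal covers the whole table).
    if _seal(manifest["files"]) != manifest["root"]:
        return ["manifest seal mismatch"]
    problems = []
    # 2. Every listed file must exist with exactly the recorded hash.
    for rel, expected in manifest["files"].items():
        p = root / rel
        if not p.is_file():
            problems.append(f"missing: {rel}")
        elif hash_file(p) != expected:
            problems.append(f"modified: {rel}")
    # 3. Nothing may have been added outside the manifest.
    for p in root.rglob("*"):
        rel = p.relative_to(root).as_posix()
        if p.is_file() and rel not in manifest["files"]:
            problems.append(f"unexpected: {rel}")
    return sorted(problems)


def demo() -> tuple[list[str], list[str]]:
    """Seal a constructed two-file 'volume', then tamper with it and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "svc").write_bytes(b"original binary")   # constructed sample file
        (root / "system.conf").write_text("setting=1\n")         # constructed sample file
        manifest = build_manifest(root)
        clean = verify_volume(root, manifest)          # expected: []
        # Simulate what the sealing is meant to catch: a patched system file
        # and a third-party component dropped into the protected tree.
        (root / "bin" / "svc").write_bytes(b"patched binary")
        (root / "bin" / "vendor.sys").write_bytes(b"third-party code")
        tampered = verify_volume(root, manifest)
    return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("clean tree:", before)
    print("after tampering:", after)
```

Because the seal is computed over the whole sorted table, an attacker who edits one file cannot simply update that file’s entry without also changing the root hash, which is the value a real system would sign and check before trusting the volume at all.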

Of course, it’s a change easier said than done. Microsoft attempted to do exactly this in 2006 with Windows Vista, preventing third parties from having kernel access. However, the plan failed due to resistance from EU regulators and complaints from — you guessed it — cybersecurity vendors.

In the blog post, John Cable states, “Examples of innovation include the recently announced VBS enclaves, which provide an isolated compute environment that does not require kernel mode drivers to be tamper resistant, and the Microsoft Azure Attestation service, which can help determine boot path security posture.” He goes on to state that they will continue to develop these capabilities and enhance the resiliency of the Windows ecosystem.

In theory, by preventing security software from accessing the kernel, Windows would never again experience a worldwide outage like the recent one, which caused 8.5 million PCs to crash due to a CrowdStrike bug. The downside, of course, is that blocking kernel access would also leave the security software unable to monitor for potential threats at that level. After all, moving in this direction doesn’t make other types of attacks impossible.

Let’s be clear: Microsoft did not confirm that this is the path it will take from now on. But the blog post certainly floated the idea, and that’s significant. Now that we’ve seen the wreckage of the situation, the incentive to consider locking down Windows is stronger than ever.

Judy Sanhz
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.