Microsoft introduces new security features to Windows: hot patching, quick recovery, fewer privileges


Not even antivirus software will keep kernel access. Microsoft is planning a major hardening of Windows security in 2025.

Following the CrowdStrike outage this summer, which crashed millions of Windows computers, Microsoft has announced major improvements to Windows security and resiliency, to be rolled out next year.


Remote recovery of broken machines

The July incident left IT admins unable to remotely fix PCs, which were stuck in a boot loop. By early 2025, the Windows Insider community will be able to test the new Quick Machine Recovery feature.

This remote recovery tool allows the execution of targeted Windows Update fixes on PCs even when they are unable to boot, “without needing physical access to the PC.”

“This remote recovery will unblock your employees from broad issues much faster than has been possible in the past,” promises David Weston, Vice President of Enterprise and OS Security at Microsoft.


Big purge from kernel, including antivirus software

Multiple changes are pushing apps and users out of admin privileges. Microsoft sees overprivileged users and applications as one of its longstanding challenges.

Windows has a new Administrator protection feature in preview, under which users run with standard user permissions by default. When a task requires admin rights, such as installing an app, the user is prompted to authorize the change with Windows Hello.


The elevation is handled by creating a temporary, isolated admin token that exists only for the duration of the task.

“This temporary token is immediately destroyed once the task is complete, ensuring that admin privileges do not persist. Administrator protection helps ensure that users, and not malware, remain in control of system resources,” Weston said in a blog post.

This disrupts attackers who compromise a user session: malware running as that user no longer inherits admin rights automatically, so it cannot reach the kernel or other critical system resources without an explicit, user-approved authorization.

Microsoft says that even security solutions should stay out of the kernel.

“We are developing new Windows capabilities that will allow security product developers to build their products outside of kernel mode. This means security products, like anti-virus solutions, can run in user mode just as apps do,” Weston explains.

In July 2025, Microsoft will make a private preview of the change available to the security product ecosystem. The aim is to keep the same level of protection while reducing the blast radius of a faulty update: a user-mode security product that crashes or misbehaves takes down only itself, whereas a kernel-mode driver can take the whole system down with it, as CrowdStrike's did.

Under the new initiative, partners will be required to roll out security product updates gradually, using deployment rings and monitoring to keep any negative impact from updates to a minimum.

According to the 2024 Microsoft Digital Defense Report, token theft incidents, in which attackers reuse a stolen authentication token to act with the victim's privileges, have grown to around 39,000 per day.

Focus on trusted apps and drivers

Microsoft suggests that businesses use App Control for Business policies (the enterprise counterpart of the consumer Smart App Control feature) to stop attacks such as malicious attachments and socially engineered malware from executing.


“IT admins can simply select the ‘signed and reputable policy’ template in the app control wizard. This enables millions of verified apps to run regardless of the deployment location. Line of business apps unknown to Microsoft can be easily added by the IT admin through policy changes or via Microsoft Intune managed app deployments.”
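The steps the quote describes can be done without the wizard. The PowerShell below is an added example and not code from the article or from Microsoft's blog post: it approximates the wizard's "signed and reputable" template by starting from the AllowMicrosoft example policy that ships with Windows and enabling the Intelligent Security Graph option, then adds a publisher rule for an in-house line-of-business app. The folders C:\Policies and C:\LOBApp, the policy name, and the choice of rule options are this example's own assumptions; run it in an elevated PowerShell session on Windows 11 22H2 or later (CiTool.exe is not present on older builds).

```powershell
# Added example, not from the article or Microsoft's blog. Builds an App Control for
# Business policy roughly equivalent to the wizard's "Signed and Reputable" template
# and adds a publisher rule for a line-of-business app. Paths are assumptions.
$ErrorActionPreference = 'Stop'
$work = 'C:\Policies'                      # assumed working folder
$lobAppPath = 'C:\LOBApp'                  # assumed install folder of the signed LOB app
New-Item -ItemType Directory -Path $work -Force | Out-Null

# 1. Start from the built-in "Allow Microsoft" example policy that ships with Windows
#    and give it a fresh PolicyID (this also converts it to multiple-policy format).
$base = Join-Path $work 'SignedAndReputable.xml'
Copy-Item "$env:windir\schemas\CodeIntegrity\ExamplePolicies\AllowMicrosoft.xml" $base
Set-CIPolicyIdInfo -FilePath $base -ResetPolicyID -PolicyName 'Signed and reputable' | Out-Null

# 2. Rule options that turn "allow Microsoft" into "signed and reputable":
#    14 = Enabled:Intelligent Security Graph Authorization (apps with good reputation run)
#     0 = Enabled:UMCI (cover user-mode binaries, not only drivers)
#    16 = Enabled:Update Policy No Reboot
#     3 = Enabled:Audit Mode (log instead of block; remove it with -Delete to enforce)
foreach ($opt in 14, 0, 16, 3) { Set-RuleOption -FilePath $base -Option $opt }

# 3. Allow an in-house app unknown to Microsoft by its code-signing publisher.
#    Scanning the install folder yields Publisher rules for the signed PEs found there;
#    anything unsigned falls back to a file hash rule.
$lob = Join-Path $work 'LOBApp.xml'
New-CIPolicy -FilePath $lob -Level Publisher -Fallback Hash -ScanPath $lobAppPath -UserPEs

# 4. Merge the LOB rules into the base policy and compile the result to binary.
#    In multiple-policy format the binary is named after the policy's own ID.
$merged = Join-Path $work 'Merged.xml'
Merge-CIPolicy -OutputFilePath $merged -PolicyPaths $base, $lob
[xml]$doc = Get-Content -Path $merged
$bin = Join-Path $work ("{0}.cip" -f $doc.SiPolicy.PolicyID)
ConvertFrom-CIPolicy -XmlFilePath $merged -BinaryFilePath $bin

# 5. The ISG option needs the AppID telemetry service running; then load the policy
#    without a reboot (CiTool.exe requires Windows 11 22H2 or later).
appidtel.exe start
CiTool.exe --update-policy $bin

# 6. Check: 2 = enforced, 1 = audit, 0 = off for user-mode code integrity.
(Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard).UsermodeCodeIntegrityPolicyEnforcementStatus
```

Leave audit mode on until the CodeIntegrity operational event log shows no unexpected 3076/3077 audit events for the apps you expect to run; only then remove option 3 and recompile. Deploying through Intune, as the quote suggests, uses the same XML.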

Windows protected print mode, the new and more secure printing stack, works without third-party printer drivers.

Hotpatch is now a thing on Windows

Windows Insider preview builds also include Hotpatch, which Microsoft calls a “revolutionary feature”: it applies critical security updates without requiring a system restart. Linux has had live kernel patching for around a decade now.

“Hotpatch in Windows is being introduced for Windows 11 Enterprise 24H2 and Windows 365,” Weston said.

Hotpatch will shorten the time to adopt critical security updates “by up to 60% from the moment a security update is offered.”

Microsoft also believes the new feature will reduce the number of required system restarts from 12 times a year to just four.
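Hotpatch is not available on every Windows 11 device, and the article does not list the prerequisites. The PowerShell below is an added example, not code from the article or from Microsoft, that checks the documented requirements on the local machine: Windows 11 Enterprise version 24H2 (build 26100 or later) with virtualization-based security running. The thresholds and the edition check are this example's own assumptions based on Microsoft's published requirements, and it does not check licensing or Intune enrolment, which are also required.

```powershell
# Added example, not from the article. Checks whether this device meets the documented
# Hotpatch prerequisites: Enterprise edition, 24H2 (build 26100+), VBS running.
# The build threshold and edition pattern are this example's assumptions.
function Test-HotpatchReady {
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $ver = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $dg  = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard

    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
    $checks = [ordered]@{
        'Enterprise edition'     = $ver.EditionID -like 'Enterprise*'
        'Build 26100+ (24H2)'    = [int]$os.BuildNumber -ge 26100
        'VBS running'            = $dg.VirtualizationBasedSecurityStatus -eq 2
    }

    foreach ($name in $checks.Keys) {
        $state = if ($checks[$name]) { 'OK' } else { 'MISSING' }
        Write-Host ('{0,-22} {1}' -f $name, $state)
    }
    Write-Host ('Reported version: {0} build {1}' -f $ver.DisplayVersion, $os.BuildNumber)

    return -not ($checks.Values -contains $false)
}

# Usage: $true means every prerequisite above is met on this device.
Test-HotpatchReady
```

VBS is the one prerequisite admins most often find missing on older hardware or on machines where it was disabled for gaming or virtualization reasons; Hotpatch depends on it, so enabling VBS is the first step before enrolling a device.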

Other features strengthen privacy and security

There are many other security features that Microsoft plans to highlight at Ignite 2024.

The tech giant is adopting safer programming languages, gradually moving functionality from C++ implementation to Rust.


To protect credentials, the built-in MFA solution Windows Hello has been further hardened and extended to support passkeys. Users no longer need to choose between a simple sign-in and a safe sign-in. Windows Hello is also being used to protect Recall and Personal Data Encryption.

Microsoft also provides more encryption options, such as Personal Data Encryption for known folders. When enabled, a device administrator won’t be able to view file content until authenticated with Windows Hello.

With the Zero Trust DNS (ZTDNS) solution, previewed in May 2024, IT admins can restrict devices to approved domains and block connections made directly to IP addresses: the Windows firewall blocks all outbound traffic by default, allowing only addresses that a trusted, protective DNS server resolved for approved names, plus a short list of essential services such as DHCP.

The new Config Refresh feature, available now, lets admins have managed settings re-applied automatically when they have been changed, accidentally or otherwise, by other users or apps.