
After the apocalyptic tech meltdown sparked by last summer’s CrowdStrike update, Microsoft is making moves to stop it from ever happening again.
Almost a year after the outage, Microsoft is rolling out what it's calling the Windows Resiliency Initiative, a series of architectural changes aimed at preventing the kind of single-point-of-failure that made the CrowdStrike collapse so catastrophic.
Microsoft held a security summit late last year with CrowdStrike and its biggest competitors in the endpoint protection field. The key change discussed is moving third-party security code out of the kernel.
The kernel is the crucial part of any operating system. Most apps run in user mode, meaning they crash quietly without taking the whole OS with them. When kernel-mode software goes down, everything else goes with it.

Instead, the company wants antivirus and endpoint protection software to run in user mode, the same layer as regular apps. According to Microsoft, the new capabilities will first roll out in July, in a private preview to hand-picked partners in the security space who are already signed up to the Virus Initiative 3.0.
Microsoft’s announcement features backing statements from several key partners, including Bitdefender, ESET, SentinelOne, Trellix, Trend Micro, WithSecure, Sophos, and CrowdStrike.
CrowdStrike outage still haunts
These changes are part of the company’s efforts to streamline the broader strategy to improve the resiliency of the Windows operating system after last year’s CrowdStrike outage.
On July 19th, 2024, a software update pushed by cybersecurity firm CrowdStrike knocked 8.5 million Windows devices offline. While less than one percent of machines rely on the Microsoft operating system, the disastrous update caused widespread outages worldwide, affecting banks, healthcare, and other strategic sectors.

The outage forced multiple air carriers around the world to ground flights, including United and American Airlines, as well as smaller US carriers such as Spirit and Frontier. Delta sued CrowdStrike, blaming the cybersecurity firm for the $500 million in losses it incurred because of the "catastrophic" IT outage.
The update slipped through the cracks due to errors in the cybersecurity vendor’s content validation software. In the preliminary Post Incident Review (PIR), the company admits it over-relied on its past successes and promised improvements.
Microsoft retires the blue screen of death
Microsoft has also confirmed that it’s rebranding the error screen from the traditional blue background and frowning face to a more corporate, simplified black version.
This new version will show the percentage left for the computer to restart, as well as the stop code and the faulty system driver, making it “easier than ever to navigate unexpected restarts and recover faster,” according to Microsoft.
The simplified error screen will be rolled out later this summer on all Windows 11, version 24H2, devices.
