Microsoft starts campaign to make Windows security more like Mac post-CrowdStrike

3 months ago 62
macOS exploit found by Microsoft could bypass System Integrity Protection

CrowdStrike has nearly run its full course of damage, and Microsoft is looking ahead to prevent the next such catastrophe. Step one in the company’s playbook? Follow Apple’s lead and make Windows security more Mac-like by limiting kernel access.

Microsoft intends to limit kernel access, following Apple’s example

John Cable writes for Microsoft’s IT blog:

This incident shows clearly that Windows must prioritize change and innovation in the area of end-to-end resilience. These improvements must go hand in hand with ongoing improvements in security and be in close cooperation with our many partners, who also care deeply about the security of the Windows ecosystem.

Examples of innovation include the recently announced VBS enclaves, which provide an isolated compute environment that does not require kernel mode drivers to be tamper resistant, and the Microsoft Azure Attestation service, which can help determine boot path security posture. These examples use modern Zero Trust approaches and show what can be done to encourage development practices that do not rely on kernel access.

Some might wonder: who is this John Cable?

Cable is the Vice President of Windows Servicing and Delivery, which his profile says is “the organization responsible for keeping the billion+ Windows devices protected and productive.”

He may not be Satya Nadella, but he sure sounds like one of the main people responsible for ensuring an outage like CrowdStrike never happens again.

That means his words carry a lot of weight.

Microsoft isn’t just issuing an empty apology with vague promises. It’s loudly signaling its intention to limit kernel access for companies like CrowdStrike in the future.

The company won’t be stripping away kernel privileges in a forthcoming Windows update. A shift like this will take significant time. But Microsoft’s direction for the future appears clear.

Why Macs weren’t impacted by CrowdStrike

Apple’s strict Mac security protocols don’t allow the same kind of kernel access to third parties as Windows does. This is why Macs weren’t impacted by the CrowdStrike outage.

Though I’ve joked that CrowdStrike was a free marketing campaign for the Mac, I didn’t actually expect Microsoft to implement serious security changes that follow the Mac’s example. The company outright said it couldn’t—but apparently it intends to try.

It will take some time before we see the fruits of Microsoft’s efforts. But here’s hoping the world won’t have to face an incident like CrowdStrike again before we do.

Do you think Microsoft will follow through and restrict kernel access? Let us know in the comments.

FTC: We use income earning auto affiliate links. More.

Read Entire Article