Microsoft is making some major Windows security changes following CrowdStrike outage

Microsoft has revealed plans to revise the Windows operating system to allow security vendors, including CrowdStrike , to operate outside of the Windows kernel.

The news comes after a CrowdStrike update caused a worldwide Windows outage, impacting millions of devices and taking businesses offline.

CrowdStrike’s problematic update, which caused widespread system crashes, sparked several debates about the risks of kernel access, and a recent Microsoft-hosted security summit has now led to the company’s decision to revise its OS.

Microsoft responds to CrowdStrike outage

A core component of the Windows operating system, the kernel has access to system memory and hardware. Even the slightest error can cause widespread chaos, and so Microsoft is planning to move security vendors out of the Windows kernel in order to enhance resiliency and security.

David Weston, VP of Enterprise and OS Security at Microsoft, shared : “Both our customers and ecosystem partners have called on Microsoft to provide additional security capabilities outside of kernel mode which.”

The company is collaborating with a number of major security players, including CrowdStrike, Broadcom, Sophos and Trend Micro, to develop a new platform that meets the security needs of vendors without compromising system performance and threatening future outages.

Drew Bagley, VP & Counsel of Privacy and Cyber Policy at CrowdStrike, commented: “We appreciated the opportunity to join these important discussions with Microsoft and industry peers on how best to collaborate in building a more resilient and open Windows endpoint security ecosystem that strengthens security for our mutual customers.”

Trend Micro COO Kevin Simzer added: “I applaud Microsoft for opening its doors to continue collaborating with leading endpoint security leaders

Although confirmation that Microsoft will close off kernel access isn’t explicit, its engagement in collaboratory discussions with security companies is a promising sign.

More from TechRadar Pro

• Check out the best endpoint security software
• We’ve rounded up a list of the best small business servers
• CrowdStrike reveals what went wrong — and it's pretty much what we expected