Following the worldwide outage caused by a faulty CrowdStrike security update, Microsoft is considering restricting third-party access to the Windows kernel to prevent a repeat. That is hardly surprising, given that estimated losses put it at a roughly $5 billion hiccup.
The problem with granting such deep access to the core of an operating system is that a kernel-mode bug has no process boundary to contain it: the whole machine crashes rather than a single program, and if the faulty driver loads at boot, the crash repeats on every start. This incident was a textbook case: some affected machines needed as many as 15 reboots before they came back, each boot being a race between the crash and the sensor fetching the corrected content file.
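For a machine stuck in that reboot loop, the practical fix was to remove the bad content file by hand from Safe Mode or the recovery environment. The script below is an added example written for this page, not code from the article or from CrowdStrike. The path, file pattern and timestamps follow CrowdStrike's published workaround (the bad `C-00000291*.sys` file was written at 04:09 UTC on 2024-07-19; corrected files carry 05:27 UTC or later); the drive letter is an assumption, since in WinRE the offline Windows volume is often not `C:`, and the function names are hypothetical. It assumes PowerShell is available (Safe Mode with Command Prompt); a bare WinRE prompt may offer only cmd, where the same deletion is a `del` command.

```powershell
# Added example (not from the article or from CrowdStrike): find, and optionally
# remove, the faulty Falcon channel file on a machine that cannot boot normally.
# Run from Safe Mode or WinRE. In WinRE the offline Windows volume may not be C:,
# so the drive letter is a parameter (assumption). Path, file pattern and
# timestamps come from CrowdStrike's published workaround: bad file written
# 04:09 UTC on 2024-07-19, corrected file written 05:27 UTC or later.

function Get-FaultyChannelFile {
    param([string]$SystemDrive = "C:")

    $dir = "$($SystemDrive.TrimEnd('\'))\Windows\System32\drivers\CrowdStrike"
    if (-not (Test-Path -LiteralPath $dir)) { return @() }

    # Only files older than the corrected build are candidates for removal;
    # if the sensor already pulled a good file, nothing is returned.
    $fixedSince = [datetime]::new(2024, 7, 19, 5, 27, 0, [DateTimeKind]::Utc)

    Get-ChildItem -LiteralPath $dir -Filter "C-00000291*.sys" -File |
        Where-Object { $_.LastWriteTimeUtc -lt $fixedSince }
}

function Repair-FaultyChannelFile {
    param(
        [string]$SystemDrive = "C:",
        [switch]$WhatIf
    )

    $bad = @(Get-FaultyChannelFile -SystemDrive $SystemDrive)
    if ($bad.Count -eq 0) {
        Write-Output "No pre-fix C-00000291 channel file found on $SystemDrive"
        return
    }

    foreach ($f in $bad) {
        Write-Output ("Removing {0} (written {1:u})" -f $f.FullName, $f.LastWriteTimeUtc)
        # -WhatIf lets you audit before deleting; on the next normal boot the
        # sensor downloads a corrected channel file on its own.
        Remove-Item -LiteralPath $f.FullName -Force -WhatIf:$WhatIf
    }
}

# Usage (from WinRE, after identifying the offline OS volume):
#   Repair-FaultyChannelFile -SystemDrive "D:" -WhatIf   # audit only
#   Repair-FaultyChannelFile -SystemDrive "D:"           # delete, then reboot
```

Two caveats a practitioner will hit: a BitLocker-protected volume cannot be touched from WinRE without its recovery key, which is why key escrow mattered so much during this outage; and the timestamp filter is a safety net, not a substitute for checking that the sensor is healthy after the reboot.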
The benefit of that access is equally substantial: running the sensor in kernel mode lets it observe process, file and network activity at the lowest level and makes it far harder for malware to disable, including attacks aimed at the protection itself. It is effective enough against tampering that some game anti-cheat systems take the same approach, Riot's Vanguard for Valorant being the obvious example.
“This incident shows clearly that Windows must prioritize change and innovation in the area of end-to-end resilience,” says John Cable, vice president of program management for Windows servicing and delivery. No path has been chosen yet, but Cable pointed to VBS (virtualization-based security) enclaves, which provide an isolated compute environment that does not need a kernel-mode driver to be tamper resistant. What is certain is that Microsoft will keep pushing zero-trust approaches that don't rely on kernel access.
CrowdStrike blames a bug in its content validator, the test tooling that should have rejected the faulty update before it was published. The incident, limited in reach all things considered, gave a taste of what the Y2K bug could have been. Because of the damage, the US House Committee on Homeland Security has requested public testimony from CrowdStrike CEO George Kurtz.
As if that weren't enough, the security company's response was meme-worthy: it offered $10 Uber Eats vouchers to employees of affected customers, presumably to keep them awake while they spent their weekend fixing a mess they didn't create. Worse still, some recipients reported that the vouchers didn't even work.
While CrowdStrike is in the spotlight, it is far from the only company offering kernel-level endpoint protection. Ironically, many Russian systems were spared because sanctions had already pushed organisations there to domestic security vendors such as Kaspersky.
The Redmond giant is still helping CrowdStrike clean up after the faulty update, which hit around 8.5 million Windows devices, so any changes to kernel access will have to wait.