Redmond business leaders line up to say what’s new in Windows  security.

BSODs Begone!

What’s the craic? Kyle Wiggers reports: Microsoft beefs up Windows security with new recovery and patching features

“Under intense scrutiny”
In the aftermath of the devastating CrowdStrike outage this July, Microsoft vowed to do better even though it insisted that the event was an aberration. … During Microsoft Ignite 2024, [it] shared how it’s making changes to Windows to prevent similar incidents.
…
Quick Machine Recovery will allow IT admins to remotely make certain software fixes even when Windows machines aren’t able to boot. Microsoft says it’s also testing a way to let security products like antivirus software run outside of “kernel mode:” … scheduled to launch in private preview in July 2025, [it] addresses the root cause of the CrowdStrike outage.
…
Microsoft is … under intense scrutiny over its handling of the CrowdStrike incident. … CEO Satya Nadella has claimed that security is now Microsoft’s top priority. The equivalent of 34,000 full-time engineers are revamping the company’s cybersecurity practices, the company said, and every employee is now being judged on their security contributions.

More detail, please? Sergiu Gatlan obliges: New Windows 11 recovery tool to let admins remotely fix unbootable devices

“Negative impact”
“Quick Machine Recovery” … doesn’t require hands-on access to fix Windows boot issues. [It] is part of a new Windows Resiliency Initiative launched in response to a widespread July 2024 outage caused by a buggy CrowdStrike Falcon update that rendered hundreds of thousands of Windows devices unbootable, impacting airlines, hospitals, and emergency services worldwide. Those affected said their Windows hosts got stuck in a boot loop or showed the Blue Screen of Death (BSOD)
…
The company is also working with security vendors as part of the Microsoft Virus Initiative (MVI) to add new Windows features and tools that will allow security software to run outside the Windows kernel to avoid incidents like [that]. … Kernel-level access increases the risk that a buggy driver or update could cause a device to crash and no longer boot. … Security vendors and Microsoft will adopt Safe Deployment Practices that will require all security product updates to be gradual, leverage deployment rings, and be monitored to ensure minimal negative impact.

Context? Ed Bott got it: Microsoft to tighten Windows security dramatically

“Likely to be months or years”
Last summer’s CrowdStrike meltdown caused billions of dollars in damage and exposed some fundamental architectural flaws in the Windows platform. A single flawed update from one vendor was enough to crash millions of PCs and servers; … getting those machines back online required direct human intervention. [The] Quick Machine Recovery … feature leverages the Windows Recovery Environment and can be used to install fixes from Microsoft or from third parties.
…
[But] the biggest change of all will allow developers to build security products that can operate in user mode instead of requiring kernel mode. The company says it will share a private preview with its partners in the security endpoint community in July 2025. Given the fundamental nature of that change, it’s likely to be months or years before security products leveraging those changes are widely available.

Horse’s mouth? Microsoft’s David “dwizzzle” Weston clearly did not write this without PR help:

At Ignite 2024, we will highlight new Windows security innovations. … Our first step is born out of the learnings from the July incident: … Quick Machine Recovery … will enable IT administrators to execute targeted fixes from Windows Update on PCs, even when machines are unable to boot, without needing physical access to the PC. [It] will be available to the Windows Insider Program community in early 2025.
…
And … we are adopting safer programming languages, gradually moving functionality from C++ implementation to Rust. … Security is a pursuit, and not a destination.

Are you feeling some déjà vu? Sam Sabin is, too:

Yes, but, some of these product updates were in the works before the CrowdStrike outage. … “For sure, there are learnings for us from the incident in July,” … Pavan Davuluri, corporate vice president of Windows and devices … said, but he noted that much of this work also started when the company began building Windows 11.

I’m thinking even earlier than that. u/goretsky wrangles the Wayback machine:

[In 2006] Microsoft announced to dozens of its antivirus partners … that they would be implementing kernel patch protection … to improve the security of that operating system’s kernel. … Some of the partners … were upset enough about it to unleash their PR departments.
…
Microsoft had been dealing with the European Commission … and one of the remedies that Microsoft itself proposed to the EC was that its partners have the same level of access to APIs that the company did, which was accepted. … To sum things up, Microsoft went ahead with its PatchGuard plans, rootkits became rarer over time, and the world did not end for AV vendors.

Does anyone believe this “34K FTE” claim? gillbates eyerolls furiously:

Can’t see the stars through the clouds. … If that’s the metric you’re using to gauge security success, you are almost certainly doing it wrong. If you can employ that many engineers on security matters, it means that you aren’t managing your attack surface properly.
…
In spite of them trying … to bolt on security, [Microsoft] continue to be plagued by rather embarrassing and high profile security incidents. … The core issue is that Microsoft is not, and never has been, a secure OS vendor.… Articles like these are meant to convince Windows users that they need not switch to a secure platform.
…
Microsoft culture asks, “Why not?” — rather than, “What could possibly go wrong?!”

And what about these proposed Safe Deployment Practices? Here’s RVS053063’s own ocular circulation:

So basically, IT 101 best practices. It’s amazing that has to be spelled out for CrowdStrike.

Still—good news, yeah? u/crappydeli sums up the announcements:

The OS is turning 40. Let’s focus on stability this week.

Meanwhile, gweihir sounds slightly cynical:

“Sweeping Changes” you say? So the situation before was utter ****? Don’t answer that—we know it was. … Microsoft does not do good engineering.

And Finally:

How does this only have 700 views?

Previously in And Finally

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites—so you don’t have to. Hate mail may be directed to  @RiCHi, @richij, @[email protected], @richi.bsky.social or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.