Security? We've heard of it: How Microsoft plans to better defend Windows
- Reference: 1732562111
- News link: https://www.theregister.co.uk/2024/11/25/microsoft_talks_up_beefier_windows/
- Source link:
In a [1]post that did not mention the word "CrowdStrike" and instead referred to "learnings from the incident we saw in July," Microsoft introduced the "Windows Resiliency Initiative" or, as administrators still in therapy after that particular July incident might describe it, "nailing jelly to a wall."
As well as taking lessons from the [2]CrowdStrike incident , in which millions of Windows devices were left hopelessly broken by a malformed update from a security vendor, Microsoft has said areas of focus include enabling more apps and users to run without administrative privileges, stronger controls for what apps and drivers are allowed to run, and improved identity protection to prevent phishing attacks.
[3]
It's all laudable stuff, although much of it feels like it could have happened earlier. [4]SFI is already more than a year old . In September 2024, Microsoft [5]boasted of the 34,000 full-time engineers it had dedicated to SFI. With that many engineers are needed, the company should probably take a look at the surface area available for attack.
[6]
[7]
And then there are the incidents, such as July's, that have only highlighted architectural weaknesses. The [8]reliance by some cybersecurity vendors on kernel-mode code has been an accident waiting to happen and lay at the heart of the CrowdStrike problem.
To help administrators recover machines unable to boot without having to get hands-on with the hardware, Microsoft has announced Quick Machine Recovery, due to roll out to Windows Insiders in the early part of 2025.
[9]How did a CrowdStrike file crash millions of Windows computers? We take a closer look at the code
[10]Microsoft breaks timezones in Settings and calls on an unlikely ally for help
[11]Microsoft Exchange update fixes security flaws, breaks other stuff
[12]Microsoft still not said anything about unexpected Windows Server 2025 installs
The trick is, however, not to get an enterprise's Windows devices to that stage. To that end, Microsoft repeated its vow to open up more of Windows so that vendors can run their solutions in user mode rather than dive down to the potentially riskier kernel level. The company also talked about adopting Safe Deployment Practices, "which means that all security product updates must be gradual, leverage deployment rings, as well as monitoring to ensure any negative impact from updates is kept to a minimum."
It will take until July 2025, a year after CrowdStrike's update took down a large chunk of the Windows ecosystem, before Microsoft will make a private preview of the new capabilities available.
[13]
Other changes in preview now include Administrator protection, where users have standard permissions, but temporary rights can be granted if needed, and Hotpatch in Windows, a "revolutionary" feature that allows critical security updates to be applied without requiring a restart. ®
Get our [14]Tech Resources
[1] https://blogs.windows.com/windowsexperience/2024/11/19/windows-security-and-resiliency-protecting-your-business/
[2] https://www.theregister.com/2024/07/23/crowdstrike_failure_shows_need_for/
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cso&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z0UBjdJudNbAEDmQc2znTAAAABY&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[4] https://www.theregister.com/2023/11/03/microsoft_secure_future_initiative/
[5] https://www.theregister.com/2024/09/23/microsoft_secure_future_initiative/
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cso&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z0UBjdJudNbAEDmQc2znTAAAABY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cso&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z0UBjdJudNbAEDmQc2znTAAAABY&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[8] https://www.theregister.com/2024/07/29/microsoft_crowdstrike_kernel_mode/
[9] https://www.theregister.com/2024/07/23/crowdstrike_failure_shows_need_for/
[10] https://www.theregister.com/2024/11/19/microsoft_breaks_timezones_in_settings/
[11] https://www.theregister.com/2024/11/15/microsoft_exchange_buggy_patch/
[12] https://www.theregister.com/2024/11/08/windows_2025_surprise_install/
[13] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cso&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z0UBjdJudNbAEDmQc2znTAAAABY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[14] https://whitepapers.theregister.com/
Hotpatch Desiato: spending a year dead for tax reasons until someone comes along and presses the reset switch.
"security is our top priority,"
Where have I heard that one before?*
I do wonder how many 'top priorities' there are, and how swiftly they get replaced by the one next in line. Time was when having an empowered workforce was a 'top priority', oh, and 'safety is our top priority' is another one I recall from a while ago. Then, of course 'Customers are our top priority' usually comes around after a data breach.
It would be really nice if some company actually admitted that there are lots of essential things they should be doing, like: security, safety, honesty, anti-bullying, anti-sexual harassment, anti-bribery, equality, (add to the list as you wish), and that they all matter. But I'll not be holding my breath.
*Rhetorical question, no answer required.
Re: "security is our top priority,"
The extra spit-take thing about this is that their crazy-ass AI push REQUIRES security to be tossed out the window, bathwater, baby, the entire damn tub. 'Empowered workforce' is just an eyerolling 'uh huh', but MS going 'security is our top priority' is the guy who rents machine guns to Florida Man saying 'gun safety is our top priority'.
Re: "security is our top priority,"
If security is a top priority and SFI is more than a marketing gag i'd have expected some design documents for public review before 34k engineers start on the implementation.
Oh, i forgot Micros~1 is the industry leader and knows security by obscurity is best practice. /s
FFS
If only they could've realised this and done something about it 30+ years ago. The MS attitude towards security and users would've killed off other businesses decades ago, now, and for many years, we've all been treated as idiots and well and truly tucked over.
Stop apps in %appdata%
Would be a good starting point
"Hotpatch ®"...
Sounds familiar... I think there was this other operating system that already implemented that years ago.... If I could only remember the name...