Windows will allow security tools to run “outside kernel mode”
minsta
Following the massive Windows outage in July caused by a faulty CrowdStrike update, Microsoft is working on a way to allow security products to “run in user mode like applications do,” said Microsoft’s David Weston .


Following the huge Windows outage caused by the CrowdStrike breakdown in July, Microsoft is working on a way to allow security products to avoid impacting the Windows kernel, a Microsoft executive revealed Tuesday.

CrowdStrike’s access to the kernel, which is Windows’ main control center, was identified as a key factor that allowed the faulty July 19 CrowdStrike Falcon update to send 8.5 million Windows devices into a “blue screen of death” state, leading to widespread societal disruption.

(Related: CrowdStrike sues Delta: 5 key takeaways)

In response to calls for Microsoft to offer security tool vendors an alternative to kernel access, the tech giant announced that additional options are officially on the way.

“We are developing new Windows features that will enable security product developers to build their products outside of kernel mode,” wrote David Weston, vice president of enterprise and operating system security at Microsoft, in a blog post Tuesday.

As a result, security products will be able to “operate in user mode, just like applications,” Weston said.

It will also mean “easier recovery” and “less impact on Windows in the event of a crash or error”, he said.

However, the new features will not be available for some time. Weston’s blog states that the private preview will be offered to security vendors in July 2025.

Notably, there was no mention that Microsoft plans to mandate the alternative method and restrict access to the Windows kernel to endpoint security vendors.

The move follows Microsoft’s endpoint security summit in September, which was attended by executives from major industry vendors, including CrowdStrike.

Joe Levy, CEO of Sophos, who was among the attendees, told CRN that Microsoft has expressed interest in finding different ways for the kernel to respond to errors caused by security tool updates.

“I hope this will start to drive an evolution of the security protocols that the endpoint security ecosystem itself deploys,” Levy said at the time.

Simpler Fixes for Windows

Meanwhile, Microsoft also unveiled additional features on Tuesday that were “born from the learnings of the July incident,” Weston wrote.

The upcoming Quick Machine Recovery feature will allow IT administrators to “run targeted fixes from Windows Update on PCs, even when machines fail to boot, without the need for physical access to the PC,” he wrote.

The Quick Machine Recovery feature will be available through the Windows Insider Program starting in early 2025, Weston said.