After the global CrowdStrike outage, Microsoft is taking a critical look at the operation of Windows 11. Outages of such magnitude should never happen again, Microsoft believes. That is why, according to the company, changes are needed.
Microsoft is looking to change how key security software, like CrowdStrike, functions within Windows 11. Last week's global outage was caused by a bug in a new CrowdStrike driver that made Windows computers crash, but that was only possible because CrowdStrike has far greater privileges than other apps in Windows 11.
Far-reaching rights
CrowdStrike has so-called kernel rights in Windows 11. That level gives programs full access to RAM and parts of the operating system that are shielded from less important apps.
It makes sense that essential security apps like CrowdStrike would have such far-reaching permissions, but that’s also what allowed a driver bug to crash so many PCs around the world.
Backups and quick system restore options
According to John Cable, a leader of the Microsoft team that provides Windows updates, that situation is not desirable. So Microsoft needs to take a good look at new techniques and development methods that do not depend on whether a program has kernel rights or not.
As an example, he points to Virtualization-Based Security enclaves, a new feature in Windows 11 that provides an isolated environment where kernel privileges aren't needed to run software like CrowdStrike securely. According to Cable, conversations with companies have shown that those that were able to recover most quickly from the CrowdStrike outage had taken steps such as keeping up-to-date backups and having quick recovery options for Windows systems.
Millions of Blue Screens of Death
The global computer outage grounded planes and delayed hospital surgeries a week ago. At least 8.5 million Windows PCs crashed worldwide, mostly those of business users, who were repeatedly shown a blue screen of death that kept coming back. A bug in a new CrowdStrike driver turned out to be the cause.
Source: www.bright.nl