{"id":2037060,"date":"2024-11-20T12:03:14","date_gmt":"2024-11-20T17:03:14","guid":{"rendered":"https:\/\/securityboulevard.com\/?p=2037060"},"modified":"2024-11-21T11:58:18","modified_gmt":"2024-11-21T16:58:18","slug":"microsoft-ignite-2024-security-crowdstrike-richixbw","status":"publish","type":"post","link":"https:\/\/securityboulevard.com\/2024\/11\/microsoft-ignite-2024-security-crowdstrike-richixbw\/","title":{"rendered":"Microsoft Veeps Ignite Fire Under CrowdStrike"},"content":{"rendered":"
\"DavidRedmond business leaders line up to say what\u2019s new in Windows\u202f\u202fsecurity.<\/strong><\/h5>\n

Microsoft vice presidents David \u201cdwizzzle\u201d Weston (pictured) and Pavan Davuluri (errm, not)<\/strong> are among the anointed ones making noise this week. They\u2019re telling all\u2014about preventing a repeat of July\u2019s CrowdStrike d\u00e9b\u00e2cle.
\n
\nMicrosoft Ignite 2024 is their nexus of (ahem) \u201clearnings.\u201d<\/strong>\u00a0In today\u2019s SB\u202f\u202fBlogwatch<\/a>, we hunker down in the windy city.
\n
\nYour humble blog\u00adwatcher<\/a> curated these bloggy bits for your enter\u00adtain\u00adment. Not to mention:\u202f\u202fROS\u00c9&Mars\u00adx<\/em>\u00adJ\u00adx<\/em>\u00adGrande\u00adx<\/em>\u00adMinaj.
\n<\/p>\n

BSODs Begone!<\/h2>\n

What\u2019s the craic?<\/strong> Kyle Wiggers reports: Microsoft beefs up Windows security with new recovery and patching features<\/a><\/p>\n

\u201cUnder intense scrutiny<\/tt>\u201d<\/strong>
\nIn the aftermath of the devastating CrowdStrike outage this July, Microsoft vowed to do better even though it insisted that the event was an aberration. \u2026 During Microsoft Ignite 2024, [it] shared how it\u2019s making changes to Windows to prevent similar incidents.
\n\u2026
\nQuick Machine Recovery<\/i> will allow IT admins to remotely make certain software fixes even when Windows machines aren\u2019t able to boot. Microsoft says it\u2019s also testing a way to let security products like antivirus software run outside of \u201ckernel mode:\u201d\u202f\u2026\u202fsched\u00aduled to launch in private preview in July 2025, [it] addresses the root cause of the CrowdStrike outage<\/a>.
\n\u2026
\nMicrosoft is\u202f\u2026\u202funder intense scrutiny over its handling of the CrowdStrike incident. \u2026 CEO Satya Nadella has claimed that security is now Microsoft\u2019s top priority. The equivalent of 34,000 full-time engineers are revamping the company\u2019s cybersecurity practices, the company said, and every employee is now being judged on their security contributions.
\n<\/p>\n

More detail, please?<\/strong> Sergiu Gatlan obliges: New Windows 11 recovery tool to let admins remotely fix unbootable devices<\/a><\/p>\n

\u201cNegative impact<\/tt>\u201d<\/strong>
\n“Quick Machine Recovery”\u202f\u2026\u202fdoesn’t require hands-on access to fix Windows boot issues. [It] is part of a new Windows Resiliency Initiative launched in response to a widespread July 2024 outage caused by a buggy CrowdStrike Falcon update that rendered hundreds of thousands of Windows devices unbootable, impacting airlines, hospitals, and emergency services worldwide. Those affected said their Windows hosts got stuck in a boot loop or showed the Blue Screen of Death (BSOD)
\n\u2026
\nThe company is also working with security vendors as part of the Microsoft Virus Initiative (MVI) to add new Windows features and tools that will allow security software to run outside the Windows kernel to avoid incidents like [that]. \u2026 Kernel-level access increases the risk that a buggy driver or update could cause a device to crash and no longer boot. \u2026 Security vendors and Microsoft will adopt Safe Deployment Practices that will require all security product updates to be gradual, leverage deployment rings<\/a>, and be monitored to ensure minimal negative impact.
\n<\/p>\n

Context?<\/strong> Ed Bott got it: Microsoft to tighten Windows security dramatically<\/a><\/p>\n

\u201cLikely to be months or years<\/tt>\u201d<\/strong>
\nLast summer’s CrowdStrike meltdown caused billions of dollars in damage and exposed some fundamental architectural flaws in the Windows platform. A single flawed update from one vendor was enough to crash millions of PCs and serv\u00aders. [The] Quick Machine Recov\u00adery\u202f\u2026\u202ffeat\u00adure leverages the Windows Recovery Environment and can be used to install fixes from Microsoft or from third parties.
\n\u2026
\n[But] the biggest change of all will allow developers to build security products that can operate in user mode instead of requiring kernel mode. The company says it will share a private preview with its partners in the security endpoint community in July 2025. Given the fundamental nature of that change, it’s likely to be months or years before security products leveraging those changes are widely available.
\n<\/p>\n

Horse\u2019s mouth?<\/strong> Microsoft\u2019s David \u201cdwizzzle\u201d Weston<\/a> clearly did not write this without PR help:<\/p>\n

At Ignite 2024, we will highlight new Windows security innovations. \u2026 Our first step is born out of the learnings from the July inci\u00addent:\u202f\u2026\u202fQuick Machine Recov\u00adery\u202f\u2026\u202fwill enable IT administrators to execute targeted fixes from Windows Update on PCs, even when machines are unable to boot, without needing physical access to the PC. [It] will be available to the Windows Insider Program community in early 2025.
\n\u2026
\nAnd\u202f\u2026\u202fwe are adopting safer programming languages, gradually moving functionality from C++ implementation to Rust<\/a>. \u2026 Security is a pursuit, and not a destination.
\n<\/p>\n

Are you feeling some d\u00e9j\u00e0 vu?<\/strong> Sam Sabin<\/a> is, too:<\/p>\n

Yes, but, some of these product updates were in the works before<\/i> the CrowdStrike outage. \u2026 “For sure, there are learnings for us from the incident in July,”\u202f\u2026\u202fPavan Davuluri, corporate vice president of Windows and devices\u202f\u2026\u202fsaid, but he noted that much of this work also started when the company began building Windows 11.
\n<\/p>\n

I\u2019m thinking even earlier than that.<\/strong> u\/goretsky<\/a> wrangles the Wayback machine:<\/p>\n

[In 2006] Microsoft announced to dozens of its antivirus partners\u202f\u2026\u202fthat they would be implementing kernel patch protection\u202f\u2026\u202fto improve the security of that operating system’s kernel. \u2026 Some of the partners\u202f\u2026\u202fwere upset enough about it to unleash their PR departments.
\n\u2026
\nMicrosoft had been dealing with the European Commission\u202f\u2026\u202fand one of the remedies that Microsoft itself proposed to the EC was that its partners have the same level of access to APIs that the company did, which was accepted. \u2026 To sum things up, Microsoft went ahead with its PatchGuard plans, rootkits became rarer over time, and the world did not end for AV vendors.
\n<\/p>\n

Does anyone believe this \u201c34K FTE\u201d claim?<\/strong> gillbates<\/a> eyerolls furiously:<\/p>\n

Can’t see the stars through the clouds. \u2026 If that’s the metric you’re using to gauge security success, you are almost certainly doing it wrong. If you can employ that many engineers on security matters, it means that you aren’t managing your attack surface properly.
\n\u2026
\nIn spite of them trying\u202f\u2026\u202fto bolt on<\/i> security, [Microsoft] continue to be plagued by rather embarrassing and high profile security incidents. \u2026 The core issue is that Microsoft is not, and never has been, a secure OS vendor.\u2026 Articles like these are meant to convince Windows users that they need not switch to a secure platform.
\n\u2026
\nMicrosoft culture asks, “Why not?” \u2014 rather than, “What could possibly go wrong?!”
\n<\/p>\n

And what about these proposed Safe Deployment Practices?<\/strong> Here\u2019s RVS053063<\/a>\u2019s own ocular circulation:<\/p>\n

So basically, IT 101 best practices. It’s amazing that has to be spelled out for CrowdStrike.
\n<\/p>\n

Still\u2014good news, yeah?<\/strong> u\/crappydeli<\/a> sums up the announcements:<\/p>\n

The OS is turning 40. Let\u2019s focus on stability this week.
\n<\/p>\n

Meanwhile,<\/strong> gweihir<\/a> sounds slightly<\/i> cynical:<\/p>\n

“Sweeping Changes” you say? So the situation before was utter ****? Don’t answer that\u2014we know it was. \u2026 Microsoft does not do good engineering.
\n<\/p>\n

And Finally:<\/h4>\n

How does this only have 700 views?<\/a><\/b>