Microsoft changes focus to kernel-level security following CrowdStrike event

Preferably, such privileged entry should be regulated strictly, making sure sufficiently tested, digitally signed software with restricted privileges is utilized,” Varkey included. “It is also vital for the OS supplier to be open with its associates about their potential weaknesses and hazards, which might affect the stability of the Kernel.”

Nevertheless, the CrowdStrike occurrence, with its disastrous consequences, appears to have prodded Microsoft enough to revive that discussion.

“Presently, Microsoft’s choice to bar kernel-level entry for third parties might diminish the potential danger of such occurrences,” Varkey mentioned. “However, all third-party suppliers currently having kernel entry privileges might need to discover a new strategy in cooperation with OS suppliers to accomplish their goal.” Otherwise, security solutions provided by OS suppliers could become the norm and the sole answer, Varkey included.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts