Microsoft introduces the Windows Resiliency Initiative in response to the July CrowdStrike incident.
The July CrowdStrike incident disrupted 8.5 million Windows PCs and servers, prompting Microsoft to take action with a new initiative to prevent similar events. The Windows Resiliency Initiative implements crucial changes to improve Windows’ security and reliability, addressing concerns Microsoft’s largest customers raised.
Microsoft Security Layers
Key Improvements in Windows Resiliency
The initiative introduces core updates designed to help IT teams recover Windows-based systems more effectively in case of critical issues. Enhancements include:
- Quick Machine Recovery: Leveraging updates to the Windows Recovery Environment (Windows RE), this feature allows IT administrators to address issues on machines that cannot boot remotely. For example, administrators could remotely delete problematic files via a Windows Update to the recovery environment. David Weston, Microsoft’s VP of Enterprise and OS Security, stated that a centralized solution will enable addressing common issues for many customers directly through Windows RE.
- Stronger App and Driver Controls: Improved tools restrict apps and drivers allowed to run on Windows systems, limiting vulnerabilities.
- Antivirus Processing Outside the Kernel: Microsoft is collaborating with security partners to move antivirus operations out of the kernel, the system’s core, with unrestricted access to hardware and memory. The CrowdStrike incident highlighted the risks of kernel-level operations when a faulty CrowdStrike update caused widespread Blue Screen of Death errors.
Improving Vendor Practices
To address concerns raised by customers, Microsoft is enforcing stricter protocols for vendors participating in the Microsoft Virus Initiative (MVI), including:
- Better testing and response processes.
- Safer deployment practices, such as gradual rollouts and robust monitoring.
- Enhanced recovery procedures.
These measures ensure that Windows PC and server updates are more reliable and less prone to catastrophic errors.
A New Security Framework in Development
Microsoft is also developing a framework to enable antivirus scanning outside the kernel. In July 2025, a private preview will be shared with Windows security partners.
Weston stated that while the technical challenge is considerable, they are confident in their ability to succeed and are working closely with vendors like CrowdStrike to improve their approach.
Enhanced Administrator Tools and Language Security
In addition to resilience updates, Windows 11 is gaining a new administrator protection feature. This functionality grants temporary admin rights for specific tasks after authentication via Windows Hello. The admin token is destroyed immediately after the task, ensuring no persistent admin privileges remain.
Windows Hello Security Improvement
Meanwhile, Microsoft is advancing its transition to memory-safe programming languages. By gradually shifting functionality from C++ to Rust, the company aims to bolster the operating system’s security, aligning with broader industry efforts encouraged by the White House.
Securing Windows for the Future
Microsoft is taking decisive steps to ensure Windows is more secure and resilient to potential disruptions. Weston expressed confidence in their ability to succeed because they can adjust the technical aspects of their system, such as the memory manager and driver framework, to meet their goals.
Engage with StorageReview
Newsletter | YouTube | Podcast iTunes/Spotify | Instagram | Twitter | TikTok | RSS Feed
