Microsoft will host a major Windows security summit next month at its Redmond, Wash., headquarters. The Windows Endpoint Security Ecosystem Summit on September 10 will bring together Microsoft engineers and vendors such as CrowdStrike to discuss improvements to Windows security and third-party best practices to try to prevent another CrowdStrike incident from happening again.
“Microsoft, CrowdStrike and key partners providing endpoint security technology will come together to discuss improving resiliency and protecting our joint customers’ critical infrastructure,” said Aidan Marcuss, corporate vice president, Windows and Devices, Microsoft. “Our goal is to discuss the specific steps we will take to improve the security and resiliency of our mutual customers.”
Last month, a problematic CrowdStrike update forced 8.5 million Windows devices offline, sparking a wider discussion about how to avoid such incidents in the future. Microsoft has called for changes to Windows to improve resiliency and dropped some subtle hints about moving security vendors out of the core of Windows.
CrowdStrike’s software operates at the core level – the core part of the operating system that provides unrestricted access to system memory and hardware. This caused the errant update to cause a blue screen of death on startup for affected machines last month, thanks to CrowdStrike’s special driver that allows it to run at a lower level than most applications, so it can Detect threats in Windows systems.
While Microsoft didn’t directly mention Windows Core Access in its blog post announcing the Windows Security Summit, it’s sure to be an important part of the discussion next month. “The CrowdStrike outage in July 2024 provided important lessons for us as an ecosystem,” Marcuss said. “Our discussions will focus on improving security and secure deployment practices, designing resilient systems, and working together as a thriving community of partners to best serve current and future customers.”
In 2006, Microsoft tried to turn off access to the Windows core in Windows Vista, but faced resistance from network security vendors and regulators. This time, Microsoft is inviting government representatives to its Security Summit “to ensure the highest level of transparency for community collaboration to deliver safer, more reliable technology for everyone.”
Microsoft’s security summit won’t just focus on Windows core access issues, because improving the resiliency and security of Windows goes far beyond a single issue. The summit will include technical sessions discussing secure deployment practices, improvements to the Windows platform and API set, and the use of more memory-safe programming languages such as Rust.
The summit coincides with Microsoft’s broader security overhaul following years of security concerns and criticism. Microsoft employees are now judged directly on their security efforts, so it’s understandable that engineers are eager to work more closely with vendors like CrowdStrike.
However, the prospect of being kicked out of the Windows core is sure to be met with resistance from security vendors. On the one hand, third-party developers want to develop innovative security solutions for Windows that require deep access; on the other hand, Microsoft doesn’t want its entire operating system to be brought down by a faulty update that it has no control over.
Security vendors also often worry that any changes Microsoft makes to Windows will benefit or prioritize the Defender security product it sells to businesses. Microsoft has a complex and unique relationship with security vendors because it builds the Windows platform for them and then acquires paying security customers.
By convening the summit, Microsoft is clearly hoping to ease some of the tensions and lay out short- and long-term actions for everyone involved in making Windows more secure and resilient. The software giant plans to share an update on the conversation after the event in hopes of reaching a strong consensus on what steps can be taken to avoid such a devastating outage from happening again.
