After a bug in a CrowdStrike update crippled millions of Windows computers, Microsoft is reconsidering whether third parties need access to the operating system at the kernel level.
Security specialist CrowdStrike bears the main blame for the bug in an update that crashed around 8.5 million Windows systems last week and caused around $5 billion in damage. But Microsoft also plays a leading role in the story. Microsoft itself made no mistake, yet the effects of the CrowdStrike bug are a direct result of the software’s kernel access.
Good reason, big consequences
Microsoft is now examining whether it still makes sense to grant third parties such as CrowdStrike access at the kernel level. Kernel drivers perform an important task: they let software run in Windows with the highest possible privileges.
For security software, these privileges matter because they help it protect systems against threats. But as last week’s bug showed, kernel access has a downside: when something goes wrong, it goes horribly wrong immediately, and for the whole system.
Promises to the EU
Microsoft does not grant CrowdStrike and other security companies access to kernel-level APIs out of generosity. Redmond uses that same access for its own security products, and in 2009 the company committed to the EU to give third parties the same access, to ensure fair competition in the Windows security market.
In a blog post, Microsoft now points out that times have changed and Windows must change with them: changes and innovations are needed to build resilience. Specifically, Microsoft wants to phase out kernel privileges for third parties, but replace them with alternatives so that partners can continue to build their own security tools.
New technology
One solution could be so-called VBS enclaves. They provide an isolated environment for software like CrowdStrike’s, allowing it to run with the same security guarantees as a kernel-mode application. In other words, malware can no more tamper with software running in a VBS enclave than it can with kernel-level code.
However, if something goes wrong during an update to the code in the enclave, the impact is in theory far less severe: a security tool hit by a bug can crash without taking down the entire operating system.
Given the impact of the CrowdStrike flaw, Microsoft will likely want the keys to the Windows kernel back, and alternatives that did not exist in 2009 should help keep the Windows security market just as competitive.