Microsoft has announced an upcoming summit focused on Windows security that will take place at its headquarters in Redmond, Washington. This summit, scheduled for September 10th, will bring together Microsoft engineers and key partners, including cybersecurity firm CrowdStrike, to address recent security incidents and discuss ways to enhance Windows security moving forward.
One of the key topics of discussion at the summit will undoubtedly be the recent CrowdStrike incident, where a faulty software update caused 8.5 million Windows devices to go offline. This incident has raised important questions about the level of access security vendors have within the Windows kernel and how such incidents can be prevented in the future.
Microsoft has hinted at the need for changes to the Windows operating system to improve resiliency and has even suggested the possibility of moving security vendors out of the Windows kernel. CrowdStrike’s software operates at the kernel level, giving it unrestricted access to system memory and hardware. While Microsoft has not explicitly mentioned this in its communication about the summit, it is likely to be a significant topic of discussion.
According to Aidan Marcuss, corporate vice president of Microsoft Windows and devices, the primary objective of the security summit is to identify concrete steps that all parties involved can take to enhance security and resiliency for Windows users. The summit will focus on improving safe deployment practices, designing systems for resiliency, and fostering collaboration among partners in the cybersecurity ecosystem.
In addition to addressing the access levels of security vendors within the Windows kernel, the summit will tackle broader issues related to Windows security. Technical sessions will cover topics such as safe deployment practices, enhancements to the Windows platform and API sets, and the use of memory-safe programming languages like Rust.
Microsoft’s efforts to enhance Windows security come at a time when the company is facing increased scrutiny over its security practices. The software giant is implementing a security overhaul, with employees now being evaluated based on their contributions to security. This shift has led Microsoft to seek closer collaboration with security vendors like CrowdStrike.
However, there is likely to be pushback from security vendors who rely on deep access to the Windows kernel to develop innovative security solutions. These vendors may be concerned about being excluded from the kernel, as well as the potential impact on their products if Microsoft prioritizes its own Defender security offerings.
By convening the Windows Endpoint Security Ecosystem Summit, Microsoft is taking a proactive step towards addressing security concerns and fostering collaboration within the cybersecurity community. The summit represents an opportunity for all stakeholders to work together to improve security and resiliency for Windows users.
Following the summit, Microsoft plans to share updates on the conversations and outcomes, with the hope of establishing a consensus on measures to prevent future security incidents. Ultimately, the success of this initiative will depend on the willingness of all parties involved to collaborate and prioritize the security of Windows users.
Leave a Reply