Four months after a botched security update brought an estimated 8.5 million Windows servers and PCs to their knees, Microsoft has announced the Windows Resiliency Initiative to hopefully avoid such an outage from happening again.
The new initiative includes core changes to improve the reliability of Windows systems, new security features for Windows 11, and will require better deployment practices from security vendors.
More security, fewer global outages
Microsoft’s new initiative includes what it calls a “Quick Machine Recovery” feature, as part of the core Windows changes and as a result of improvements to the Windows Recovery Environment (Windows RE). This should allow IT admins to target and fix problematic machines remotely, even if they aren’t able to get past the boot stage. The feature will be available to Windows Insiders in early 2025.
David Weston, vice president of enterprise and OS security at Microsoft explained the improvements in an interview with The Verge. “In a future event, hopefully that never happens, we could push out [an update] from Windows Update to this Recovery Environment that says delete this file for everyone.”
“If there’s one central problem that we need to push to a lot of customers, this gives us the ability to do that from Windows RE,” he continued.
Read More: Microsoft introduces Copilot Actions, a new slate of set-and-forget AI automations
In terms of better deployment practices, Microsoft now requires specific steps from security vendors to bolster the reliability of their security products. “In addition to increased testing and strengthened incident response processes, these partners must follow safe deployment practices for updates to your Windows endpoints. The practices include controlled gradual rollouts, and the monitoring and recovery procedures,” reads a blog post.
The tech giant has also been working to allow antivirus programs and services to run outside of kernel mode. This should mean that if a bad update is rolled out in future, or the program crashes, it won’t bring the whole system down because it isn’t running in the core part of the operating system with unrestricted access – exactly what happened with CrowdStrike in July.
Better security at home
Closer to home, Microsoft showed off a new feature that it is already testing with Windows Insiders called administrator protection. As the name implies, the new feature seeks to protect the elevated privileges of system admins by giving Windows users standard permissions by default.
If a user needs admin permissions, the feature will prompt them to verify their identity using Windows Hello and will grant that user temporary admin privileges for a specific task.
“Windows creates a temporary isolated admin token to get the job done. This temporary token is immediately destroyed once the task is complete, ensuring that admin privileges do not persist,” explained Weston.