Microsoft Building

Microsoft unveils resiliency, security enhancements following July global IT outage

Redmond plans to use safe deployment practices with endpoint security partners
Pro

21 November 2024

Microsoft unveiled the Windows Resiliency Initiative, which follows the July global IT outage linked to a faulty CrowdStrike software update, according to a blog post from David Weston, VP of enterprise and OS security at Microsoft. The effort is intended to advance the company’s prior efforts to overhaul its security culture.

“We are committed to ensuring that Windows remains the most reliable and resilient open platform for our customers,” Weston said in the blog. 

Microsoft will allow IT administrators to make changes to Windows Update on PCs, even if the machines are unable to boot up. Administrators will not require physical access to the machines to make the necessary changes. 

The service will be available to the Windows Insider Program community starting in early 2025.

Microsoft also plans to use safe deployment practices with endpoint security partners to make sure security upgrades are gradual and monitored. The goal is to minimize any negative results from rollouts. 

Microsoft is enabling new capabilities for developers to allow the development of security products outside of kernel mode. For example, anti-virus solutions will be able to run in user mode in the same way apps are run. These changes will be in preview starting in July 2025. 

Microsoft is gradually going to adopt safer programming languages by moving away from C++ to Rust. 

Microsoft in November 2023 announced its Secure Future Initiative (SFI) following the July state-linked attack against Microsoft Exchange Online, which led to the exfiltration of 60,000 e-mails from the U.S. State Department and other sensitive accounts. 

The US Cyber Safety Review Board blasted the company in a report saying Microsoft prioritised speed to market and feature sets over security. 

The faulty CrowdStrike upgrade led to the crash of more than 8.5 million Windows devices, resulting in massive customer disruptions at airlines, hospitals, emergency services and financial institutions across the globe. 

Microsoft held a summit with security partners from the US and Europe to work on efforts to boost resilience.

The company shared an update on its SFI efforts to improve its internal governance and security culture, noting how employees are being held accountable for incorporating security concerns into the product development process.

Cybersecurity Dive

Read More:


Back to Top ↑

TechCentral.ie