Heimdal

Microsoft announced that it will host a Windows Endpoint Security Ecosystem Summit on September 10th. The event aims to find ways of improving security and resiliency for joint customers. Discussions will take place at Microsoft’s headquarters in Redmond, Washington.

Corporate Vice President Aidan Marcuss said:

The CrowdStrike outage in July 2024 presents important lessons for us to apply as an ecosystem. Our discussions will focus on improving security and safe deployment practices, designing systems for resiliency and working together as a thriving community of partners to best serve customers now, and in the future.

Source – Windows blogs

Limiting access to kernel mode for security vendors is on the table

Business news outlet CNBC quoted an anonymous Microsoft executive as saying that security software could be prevented from running in kernel mode.

The executive said participants at the Windows Endpoint Security Ecosystem Summit will explore the possibility of having applications rely more on a part of Windows called user mode instead of the more privileged kernel mode.

Source – CNBC.com

A previous post on Microsoft’s blog explained why cybersecurity products need privileged access to kernel drivers.

If an attacker gets admin-level privileges, advanced malware could disable security software running in user-mode.

Also, a malicious insider, like a disgruntled employee, could jeopardize an organization’s safety by turning off the security application.

Additionally, access to kernel drivers gives security products full visibility inside a system. This makes threat detection and response capabilities more comprehensive and effective.

In the blog, Vice President David Weston highlighted that security vendors should treat operating in kernel mode with extra care. He advises minimizing kernel usage as a best practice.

In its official communication, Microsoft wasn’t specific about the details of the discussions to take place. Nor did it reveal its own point of view on what some ‘concrete steps’ to prevent future situations like the CrowdStrike outage could be.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.
