Last summer, a catastrophic error in a CrowdStrike update left over 8.5 million Windows devices around the globe incapacitated. Healthcare centers, airlines, businesses of all sizes… all affected by the Blue Screen of Death. A failure in a kernel-level driver triggered a global collapse that Microsoft never wants to repeat.
Therefore, the Redmond company is making a radical turnaround in its security architecture: it will remove antivirus and threat detection systems from the core of Windows, where they have resided for decades.
Goodbye to Total Access
The core of an operating system is its most sensitive area: any error or conflict there can have severe consequences. For years, Microsoft allowed antivirus programs to operate with kernel-level privileges so they could intercept threats before those reached the rest of the system. But this strategy also opened the door to catastrophic failures, like the CrowdStrike outage.
David Weston, Microsoft’s vice president of security, sums it up clearly: “We want to prevent this kind of incident from happening again. That’s why we are redesigning how security solutions interact with Windows.”
A New Platform Built Together
Microsoft has gathered industry heavyweights—CrowdStrike, Bitdefender, ESET, Trend Micro, and many others—to build a new security platform for Windows. The idea is to move antivirus (AV) and endpoint detection and response (EDR) solutions out of the kernel and into user space, where a crash in the security product does not take the whole system down with it.
Weston emphasizes that the process is collaborative: “We’re not imposing rules; we’re writing them together. Each provider has shared with us how the API should work, allowing us to create a robust solution shared across the industry.”
The project is already in a private preview phase, and multiple iterations are expected before it’s ready for widespread adoption. It won’t eliminate all kernel-level drivers immediately, but it is a first step toward a safer future.
And Video Games?
One of the most delicate aspects is the use of kernel-level drivers in anti-cheat engines for video games, particularly in competitive multiplayer titles. Microsoft is already in talks with developers like Riot Games (creators of Valorant) to explore how they could adapt to the new model.
“Many game studios would be happy not to have to maintain components in the kernel,” explains Weston. “We are taking their requirements seriously.”
The gaming industry has been reluctant to change, given that cheats often run at a low level to avoid detection. However, the risks to system stability and compatibility with Linux/Steam Deck are driving a necessary debate.
Quick Recovery and the End of the “Blue Screen”
Alongside these changes, Microsoft will launch a new feature this summer called Quick Machine Recovery, which will allow devices affected by serious errors to access the Windows recovery environment and send diagnostic data, even without fully booting the system.
Moreover, the iconic “Blue Screen of Death” (BSOD) is set to be retired. Windows will now show a black screen in such cases as part of a more modern and subtle error management strategy.
Lessons Learned from Global Chaos
The CrowdStrike incident, which affected everything from airlines to hospitals, highlighted that granting kernel-level access to third-party software is a systemic risk. Microsoft has publicly acknowledged that it wishes it had tools like Quick Machine Recovery back then. Now, it aims to be proactive.
In Weston’s words: “We are building what we would have loved to have during that incident.”
A Change That Goes Beyond Code
Beyond the technical aspects, this transformation represents a shift in philosophy: fewer privileges, more collaboration, and enhanced structural security. A slow transition, but one that could redefine the trust model in the Windows ecosystem.
Will it be enough to prevent another global disaster like that of 2024? Only time will tell. But at least this time, Microsoft doesn’t intend to go it alone.
via: theverge and Hackernews