Microsoft recently announced that they’re making changes to their Windows operating system to improve security and reliability. The company has introduced the Windows Resiliency Initiative, a comprehensive strategy to address critical vulnerabilities and enhance overall system integrity. These new features will be available to the Windows Insider Program community sometime in early 2025.
Why the Need for the Resiliency Initiative?
Following the CrowdStrike outage that crashed over 8 million Windows PCs and servers and caused an estimated $5.4 billion in losses over the summer, Microsoft was faced with the crucial task of ensuring that this would never happen again and regaining the trust of their users. With cyberattacks on operating systems, applications, and networks becoming more sophisticated, the tech giant formulated a strategy to enhance the protection of Windows systems, focusing strongly on phishing attacks.
During the Ignite 2024 conference, Microsoft announced the Windows Resiliency Initiative to address these security concerns. The goal of the initiative is to prevent future system outages and to add other security features that protect against attackers exploiting the operating system and accessing users’ personal data.
David Weston, VP of enterprise and OS security, said in a blog post, “We are committed to ensuring that Windows remains the most reliable and resilient open platform for our customers.”
Key Components of the Initiative
Microsoft’s Windows Resiliency Initiative covers four areas of focus: apply the lessons learned from incidents to improve reliability, enable apps and users to run without admin privileges, create stronger controls for what apps and drivers are allowed to run, and strengthen identity protection tools to defend against phishing attacks.
Strengthening Reliability
After learning from July’s outage, Microsoft is implementing measures to make Windows more stable. This includes its new Quick Machine Recovery feature, which allows IT administrators to remotely diagnose and repair compromised or non-bootable devices, minimizing downtime and potential data loss. Administrators will also no longer be required to have physical access to the machines to make changes to Windows Updates.
Reducing Administrative Privileges
When attackers attempt to gain access to a system, they tend to target systems and applications that will grant them privileged access to the computer and network. This is typically the elevated or admin-level user access that an application requires to function properly. To address this issue, Microsoft created a new feature called administrative protection. Users will be given standard user accounts by default.
In addition, developers will now be able to develop products outside of the kernel, which means fewer Windows applications will require administrative privileges to run, limiting the potential impact of successful attacks. This approach also helps to contain the spread of malware and ransomware. According to Microsoft’s Digital Defense Report, 93% of these attacks were successful because they had access to so many privileged user accounts.
Stronger Apps & Drivers Controls
Microsoft is implementing stricter controls over the installation and execution of unsafe drivers and applications. The new “Smart App Control” feature will reduce the risk of malicious software infiltrating systems by ensuring only verified apps can run on the PC. IT admins can select a template that only allows “signed and reputable” apps to run and add unknown apps through policy changes.
Improving Identity Protection
According to Microsoft’s Entra ID data, more than 600 million identity attacks occur daily, and 99% of them are password based. As a result, Microsoft is investing in advanced identity protection technologies to safeguard user accounts and prevent phishing attacks and unauthorized access. This includes strengthening password policies, implementing multi-factor authentication, and leveraging advanced threat detection techniques.
Other Improvements from the Initiative
Weston also highlights other commitments made by Microsoft to enhance the security and resilience of Windows devices in order to remain a secure platform for their partners, developers, and customers. These include working with security vendors, adding new encryption features to protect personal information, and even adopting new programming languages in their platform.
Collaboration with Security Partners
Microsoft is actively collaborating with security vendors and researchers through initiatives like the Microsoft Virus Initiative (MVI) to share threat intelligence and improve the security posture of Windows devices. These partnerships will involve:
- Safe deployment practices: Microsoft will adopt safer and more secure product update deployments and recovery procedures.
- Enhanced monitoring: Rollouts will be monitored to minimize negative impacts from updates and patches.
Data Protection
Windows 11 Enterprise introduced a new Personal Data Encryption feature. This feature uses Windows Hello authentication to help protect files stored in known locations like the Desktop, Documents, and Pictures folders. Users and device administrators won’t be able to view the files, which will remain encrypted until authentication with Windows Hello succeeds.
Transition to Rust
Microsoft revealed that they’re gradually transitioning specific components from C++ to Rust, a popular language known for its safety, to improve code security and reliability.
Bottom Line: The Initiative Is a Step in the Right Direction
The Windows Resiliency Initiative has the potential to significantly enhance the security and reliability of Windows devices. It represents a major step forward in Microsoft’s commitment to securing its flagship operating system. By addressing critical vulnerabilities from past mistakes, reducing attack surfaces, and improving recovery capabilities, Microsoft plans to protect users from a wide range of cyber threats while ensuring improved stability and reliability.
Although security relies on several other components — user education on best practices; strong passwords; proper implementation of systems, applications, and third-party solutions; and constant research and development — to stay one step ahead of cybercriminals, the Windows Resiliency Initiative takes a proactive approach to protect its users.