Microsoft Rolls Out Recovery Tools After CrowdStrike Incident

Microsoft has announced sweeping changes to Windows security architecture, including new recovery capabilities designed to prevent system-wide outages following July's CrowdStrike incident that disabled 8.5 million Windows devices.

The Windows Resiliency Initiative introduces Quick Machine Recovery, allowing IT administrators to remotely fix unbootable systems through an enhanced Windows Recovery Environment. Microsoft is also mandating stricter testing and deployment practices for security vendors under its Microsoft Virus Initiative, including gradual rollouts and monitoring procedures.

The company is also developing a framework to move antivirus processing outside the Windows kernel, with a preview planned for security partners in July 2025.

Ring -4

[timeOday]

"Sir, the enemy has breached the administrator account"

"Activate the administrator-administrator account!!"

Re:

[gweihir]

Funnily, MS has that in the form of "System". Just shows how broken their overall architecture is.

Re:

[TheRealMindChild]

Windows has an Executive process that lives in the same ring as the kernel, which manages things like memory and processes/threads for the system. That is what the user "SYSTEM" is illustrating... drivers/services provided by the Executive Layer.
 
How exactly is that different than Linux just using the root user/pid in those circumstances?

Re:

[mysidia]

I think Microsoft's actual goal here is to eliminate the concept of an administrator account.

Imagine Windows 12 will be an OS with no such thing as an administrator account, and in fact no such thing as Local users. Administered solely by Microsoft servers with configurations pushed down from their 365 cloud systems.

You want to make basic changes like adding an additional user? You'll have to go to a Microsoft website to login as device Owner and add the guest's Live.com ID as a user permitted acces

Why?

[OneOfMany07]

I see no better security for the process that you mentioned than what we've had.

And beyond your own worries about them wanting more control and information about you... why do you think this is coming/next?

Re:

[mysidia]

why do you think this is coming/next?

Because Microsoft leaders have stated it repeatedly their strategy is to move to an adminless architecture.

There are significant moves [x.com] in that direction already in Windows 11.

There are also already new steps towards eliminating local accounts in Windows 11.. Namely the part about it No longer being optional to have an Internet connection and register a user on Microsoft's website in order to login and setup Windows 11.

Once these basic changes have been in place for 4

Re:

[TheRealMindChild]

Imagine Windows 12 will be an OS with no such thing as an administrator account, and in fact no such thing as Local users
 
There is no way that would fly for enterprise deployment. And that's where a bulk of Windows revenue comes from

remotely fix unbootable systems

[rossdee]

That sounds tricky. Unless you have remote control of the power supply (like the UPS)

Re: remotely fix unbootable systems

[Filgy]

Don't machines with Intel management engine and the likes always allow a remote connection to power on the device so long as the PSU is not physically turned off ?

Re:

[Joe_Dragon]

local network only? or due to past issues that is blocked at the site level router / firewall / vpn / etc.

OOB

[JBMcB]

Yes. I was somewhat dumbfounded that, with as spread out as the machines are in an airport, they don't have out-of-band management turned on. At the very least it gets you a low-level remote control that can get you into the bios to fix stuff.

Re:

[gweihir]

They are not talking about actually unbootable. MS is not that honest. What they actually mean is systems crashing during boot and probably only for late crashes like Clownstroke.

Can't see the stars through the clouds...

[gillbates]

weâ(TM)ve focused the equivalent of 34,000 full-time engineers on the highest-priority security challenges.

If that's the metric you're using to gauge security success, you are almost certainly doing it wrong. If you can employ that many engineers on security matters, it means that you aren't managing your attack surface properly.

Secondly, security must be designed in from the beginning. It is not something which can be addressed by patching (playing whack-a-mole, really) with an inherently ins

Re:

[sconeu]

To be fair, IIRC, the 2008 LSE incident wasn't security related, but was just due to Windows suckage in general.

Re:

[gweihir]

Microsoft claims to have engineers? Talk about imposters...

Microsoft products will get secure and reliable when we will finally get product liability for software. Because then MS will go out of business pretty fast.

Re:

[Senshi]

I remember Stallman gave one of his lectures to Microsoft team few years ago. I thought it was a mistake as I have always known how Microsoft have always find newer ways to counter users' freedom. Microsoft thrives on their own gratifications for profits by keeping users dependent and obtuse in similar ways sex traffickers exploit their victims to stay under hook with drugs and threats.

Administrator protection new name for UAP with Win

[Joe_Dragon]

Administrator protection new name for UAP with Windows Hello?

Re:

[sconeu]

Yeah, I was wondering about that... I thought it was the same thing... UAC with Windows Hello authentication.

To be fair, that's better than just UAC. Remember, in Linux you still need to authenticate to use sudo.

this will actually change something

[hdyoung]

Absolutely nobody will be able to sue Crowdstrike directly, and they wouldn't bother to change unless some unstoppable external force mandated it.

Well, the 400-pound gorilla in the room just mandated it. "You don't get to break our OS if you want to use it as a platform" said microsoft. You will comply or you will no longer have a business.

Microsoft Virus Initiative?

[sconeu]

I thought that Windows was already a virus?

Re:Microsoft Virus Initiative? VIrus?

[gabrieltss]

Windows isn't a virus, viruses do something.

A little late, maybe?

[Narcocide]

Heh, thanks guys, but I already switched to Linux!

Tone deaf.

[gillbates]

With hotpatching through your Windows Autopatch settings in Microsoft Intune, you can reduce the number of system restarts for Windows updates from 12 times a year to just four,

Is Microsoft even aware that Linux systems will run for years, and IBM mainframes for decades, without a restart? Do they know how badly this is going to reflect on the admins who recommended replacing their UNIX and mainframe systems with Windows servers?

Re:

[gweihir]

MS does not care. Their 3rd rated crap sells like crazy and their profits are stellar. And they still have zero liability for when they screw up, no matter how much damage they do.

As to "admins" that recommended UNIX/Unix-like systems with Windows servers, I do not think it is possible to view them any worse than anybody competent already does.

Re:

[gillbates]

This revolutionary feature allows businesses to apply critical security updates without requiring a system restart,

It is indeed revolutionary to find a feature present in Ubuntu for at least the past 8 years in a Microsoft product. This is a good first step toward Microsoft making an Internet-ready operating system. Someday, Windows machines will be able to connect directly to the Internet without having to worry about security concerns...

Zero Trust DNS. Network destinations are often defined by

What about themselves?

[smooth wombat]

Microsoft is also mandating stricter testing and deployment practices for security vendors

Considering their 24H2 update won't install [pcworld.com] on people's systems, when are they going to implemenet stricter testing and deployment practices?

Re:

[gweihir]

You need to read that carefully. "Stricter" in no way means "strict", but it sounds good. Obviously, MS testing and deployment is still complete crap and vendor testing will often be worse as Clownstroke nicely demonstrated. Also, software architecture will remain crap and is not even addressed.

If Microsoft were about more reliability and security, they would have acted wayyy earlier and wau better. This is just about enough to keep the pretense going that they have a professional product here. They really

Re:

[BardBollocks]

Right? unreliable at best.

We're being lied to by pretty much everyone involved in the IT security space, and secret directives regarding backdoors and weakening encryption and other security standards to allow us all the be under constant surveillance.

IT security vendors and Government have gone full retard.

Re:

[BardBollocks]

oh, i notice you're also being targeted for down modding for speaking obvious truths :)

"Sweeping Changes" you say

[gweihir]

So the situation before was utter crap? Don't answer that, we know it was. But I highly doubt the problem has really been fixed. Microsoft does not do good engineering.

Re:

[fatwilbur]

If they're "sweeping the problem under the rug", I believe that technically counts.

Re:

[gweihir]

Hahahah, no idea why I did not spot _that_ one!

"double encryption protection"

[OneOfMany07]

"Personal Data Encryption can be used independently of BitLocker, or other solutions, and when combined with BitLocker, it offers double encryption protection."

Meaning you couldn't secure it the first time?

Am I the only one who worries that 2 features allowed to encrypt files is going to cause more problems than it solves? And it sounded like IT staff cannot easily force decryption.

NT4

[bill_mcgonigle]

Bring back the NT 3.5.1 privilege separation for servers.