Microsoft Rolls Out Recovery Tools After CrowdStrike Incident
Microsoft has announced sweeping changes to Windows security architecture, including new recovery capabilities designed to prevent system-wide outages following July's CrowdStrike incident that disabled 8.5 million Windows devices.
The Windows Resiliency Initiative introduces Quick Machine Recovery, allowing IT administrators to remotely fix unbootable systems through an enhanced Windows Recovery Environment. Microsoft is also mandating stricter testing and deployment practices for security vendors under its Microsoft Virus Initiative, including gradual rollouts and monitoring procedures.
The company is also developing a framework to move antivirus processing outside the Windows kernel, with a preview planned for security partners in July 2025.
Ring -4 (Score:5, Funny)
"Activate the administrator-administrator account!!"
Re: (Score:2)
Funnily, MS has that in the form of "System". Just shows how broken their overall architecture is.
Re: (Score:2)
Windows has an Executive process that lives in the same ring as the kernel, which manages things like memory and processes/threads for the system. That is what the user "SYSTEM" is illustrating... drivers/services provided by the Executive Layer.
How exactly is that different than Linux just using the root user/pid in those circumstances?
Re: (Score:2)
If you have to ask, you do not understand the situation. Seriously.
Re: (Score:2)
So, you don't know. That's all you had to say.
Re: (Score:3)
I think Microsoft's actual goal here is to eliminate the concept of an administrator account.
Imagine Windows 12 will be an OS with no such thing as an administrator account, and in fact no such thing as Local users. Administered solely by Microsoft servers with configurations pushed down from their 365 cloud systems.
You want to make basic changes like adding an additional user? You'll have to go to a Microsoft website to login as device Owner and add the guest's Live.com ID as a user permitted acces
Why? (Score:1)
I see no better security for the process that you mentioned than what we've had.
And beyond your own worries about them wanting more control and information about you... why do you think this is coming/next?
Re: (Score:3)
why do you think this is coming/next?
Because Microsoft leaders have stated it repeatedly their strategy is to move to an adminless architecture.
There are significant moves [x.com] in that direction already in Windows 11.
There are also already new steps towards eliminating local accounts in Windows 11. Namely the part about it no longer being optional to have an Internet connection and register a user on Microsoft's website in order to login and setup Windows 11.
Once these basic changes have been in place for 4
Re: (Score:1)
This is not entirely true. There are several ways to set up windows 11 with a local account. They are however hidden sufficiently that a non-advanced user will struggle to access them.
Re: (Score:2)
There are several ways to set up windows 11 with a local account. They are however hidden
For personal Windows installs these are methods unsupported by Microsoft of circumventing the official requirements.
Microsoft can close these methods of circumvention even in the next update of Windows 11 if they want.
Once again; Microsoft's own website states: Windows 11 Pro for personal use and Windows 11 Home require internet connectivity and a Microsoft account during initial device setup.
They are making every effor
Re: (Score:2)
Imagine Windows 12 will be an OS with no such thing as an administrator account, and in fact no such thing as Local users
There is no way that would fly for enterprise deployment. And that's where a bulk of Windows revenue comes from
Re: (Score:2)
They've recently hired Lennart Poettering. It's to replace the layered privilege hierarchy with a locked in systemd equivalent, with Microsoft registered resources owning every aspect of control and access in a "stable", but actually vendor-locked-in and vendor-approval based structure. It's utterly contrary to the "your computer you own it" goals of the Free Software Foundation, but consistent with the "approved key owner signs access" approach of the almost entirely failed Trusted Computing initiative.
Re: (Score:2)
"Sir, the enemy has breached the administrator account"
"Activate the administrator-administrator account!!"
You know the truly stupid part about this. Intel already provided this functionality in their vPro CPUs, the ones which include virtually a full BMS (Intel AMT) on board. But clearly administrators never used it, otherwise they wouldn't have had to rely on users recovering from Crowdstrike by either bringing their PCs into the IT desk or going around by foot fixing each machine individually.
A tool is only as good as its user.
remotely fix unbootable systems (Score:3)
That sounds tricky. Unless you have remote control of the power supply (like the UPS)
Re: remotely fix unbootable systems (Score:2)
Re: (Score:2)
local network only? or due to past issues that is blocked at the site level router / firewall / vpn / etc.
OOB (Score:3)
Yes. I was somewhat dumbfounded that, with as spread out as the machines are in an airport, they don't have out-of-band management turned on. At the very least it gets you a low-level remote control that can get you into the bios to fix stuff.
Re: (Score:2, Troll)
They are not talking about actually unbootable. MS is not that honest. What they actually mean is systems crashing during boot and probably only for late crashes like Clownstroke.
Use a Hammer, remotely. (Score:2)
Hammer fixes that stuff from a remote 30cm-1m location.
Re: (Score:2)
> That sounds tricky
Not if you apply Microsoft's usual attention to security detail. /s
Can't see the stars through the clouds... (Score:5, Informative)
we've focused the equivalent of 34,000 full-time engineers on the highest-priority security challenges.
If that's the metric you're using to gauge security success, you are almost certainly doing it wrong. If you can employ that many engineers on security matters, it means that you aren't managing your attack surface properly.
Secondly, security must be designed in from the beginning. It is not something which can be addressed by patching (playing whack-a-mole, really) with an inherently insecure design. I would believe that security has been markedly improved if they had instead stated, "We've redesigned the system from the ground up, with an emphasis on security".
Lastly, Microsoft does not, and can not make meaningful security guarantees to the larger computing community. They remain focused on lock-in, making spyware, and ease of user experience, and in spite of them trying (since 2006, IIRC) to bolt on security, they continue to be plagued by rather embarrassing and high profile security incidents. Remember the London Stock exchange incident? Remember Blaster? Remember crowdstrike? Remember Windows Recall?
The core issue is that Microsoft is not, and never has been, a secure OS vendor. IBM mainframes - as user unfriendly as they are - have a security record that Windows can't touch. UNIX vendors have been putting uptime guarantees in writing since the 1990's. Articles like these are meant to convince Windows users that they need not switch to a secure platform, that another security incident Won't Happen Again(TM), but they always do.
You can like Windows for a lot of things. It's great for games. It's great for participation in the corporate hive-mind - a way of signaling your willingness to abandon critical thought for group cohesion (which, believe it or not, is actually useful in the corporate world.) But it is not, has not been, and will likely never be more secure than any other vendor's solution, simply because Microsoft culture asks "Why not?" rather than "What could possibly go wrong?!"
Re: (Score:2)
To be fair, IIRC, the 2008 LSE incident wasn't security related, but was just due to Windows suckage in general.
Re: (Score:3, Insightful)
Microsoft claims to have engineers? Talk about imposters...
Microsoft products will get secure and reliable when we will finally get product liability for software. Because then MS will go out of business pretty fast.
Re: (Score:1, Insightful)
Re: (Score:2)
Indeed. Just did run into this again. I tried to make a full system backup with windows (Win10), but there is nothing that is not either obscure in what it does or has some serious limitations. I am now back to simply booting Kali and doing a "cat /dev/sdx | bzip2 > file.img.bz2" (after blanking free space under Windows with cygwin), which is clear, simple, easy, reliable and has worked like this for decades.
Microsoft is really the trash of the trash.
Administrator protection new name for UAP with Win (Score:2)
Administrator protection new name for UAP with Windows Hello?
Re: (Score:2)
Yeah, I was wondering about that... I thought it was the same thing... UAC with Windows Hello authentication.
To be fair, that's better than just UAC. Remember, in Linux you still need to authenticate to use sudo.
this will actually change something (Score:2)
Well, the 400-pound gorilla in the room just mandated it. "You don't get to break our OS if you want to use it as a platform" said microsoft. You will comply or you will no longer have a business.
Re: (Score:1)
Funniest thing is, the problem is that Microsoft has in fact damaged several ongoing direct lawsuits by de facto taking part of the responsibility onto itself. And yes, there are several direct lawsuits ongoing IIRC.
Microsoft Virus Initiative? (Score:4, Funny)
I thought that Windows was already a virus?
Re:Microsoft Virus Initiative? VIrus? (Score:2)
A little late, maybe? (Score:1)
Heh, thanks guys, but I already switched to Linux!
Tone deaf. (Score:2)
With hotpatching through your Windows Autopatch settings in Microsoft Intune, you can reduce the number of system restarts for Windows updates from 12 times a year to just four,
Is Microsoft even aware that Linux systems will run for years, and IBM mainframes for decades, without a restart? Do they know how badly this is going to reflect on the admins who recommended replacing their UNIX and mainframe systems with Windows servers?
Re: (Score:2)
MS does not care. Their 3rd rated crap sells like crazy and their profits are stellar. And they still have zero liability for when they screw up, no matter how much damage they do.
As to "admins" that recommended UNIX/Unix-like systems with Windows servers, I do not think it is possible to view them any worse than anybody competent already does.
Re: (Score:2)
This revolutionary feature allows businesses to apply critical security updates without requiring a system restart,
It is indeed revolutionary to find a feature present in Ubuntu for at least the past 8 years in a Microsoft product. This is a good first step toward Microsoft making an Internet-ready operating system. Someday, Windows machines will be able to connect directly to the Internet without having to worry about security concerns...
Zero Trust DNS. Network destinations are often defined by
Re: (Score:1)
For what it's worth, Windows had kernel (and other) rebootless hot patching with Windows Server 2003.
They just, until recently began re-resurrecting it with 2019, discontinued the feature due to low customer adoption.
That is to say, Windows had hotpatching *before it ever existed on linux*. About five years before.
HP Patented a limited version of this "technology" to do this in 2001, Microsoft attempted to patent a generalized software approach (to attack software updates, not hardware functionality missing
What about themselves? (Score:2)
Considering their 24H2 update won't install [pcworld.com] on people's systems, when are they going to implement stricter testing and deployment practices?
Re: (Score:3)
You need to read that carefully. "Stricter" in no way means "strict", but it sounds good. Obviously, MS testing and deployment is still complete crap and vendor testing will often be worse as Clownstroke nicely demonstrated. Also, software architecture will remain crap and is not even addressed.
If Microsoft were about more reliability and security, they would have acted wayyy earlier and way better. This is just about enough to keep the pretense going that they have a professional product here. They really
Re: (Score:1)
Right? unreliable at best.
We're being lied to by pretty much everyone involved in the IT security space, and secret directives regarding backdoors and weakening encryption and other security standards to allow us all the be under constant surveillance.
IT security vendors and Government have gone full retard.
Re: (Score:1)
oh, i notice you're also being targeted for down modding for speaking obvious truths :)
Turns out obvious truths are often not (Score:2)
https://itwire.com/business-it... [itwire.com]
CrowdStrike Statement of Response:
The suggestion that CrowdStrike ‘had no proof’ of the data being exfiltrated is incorrect. Shawn Henry clearly said in his testimony that CrowdStrike had indicators of exfiltration ( page 32 of the testimony) and circumstantial evidence (page 75) that indicated the data had been exfiltrated. Also, please note that the Senate Intelligence Committee in April 2020 issued a report (https://www.intelligence.senate.gov/sites/default/fi
"Sweeping Changes" you say (Score:2)
So the situation before was utter crap? Don't answer that, we know it was. But I highly doubt the problem has really been fixed. Microsoft does not do good engineering.
Re: (Score:2)
Re: (Score:2)
Hahahah, no idea why I did not spot _that_ one!
"double encryption protection" (Score:2)
"Personal Data Encryption can be used independently of BitLocker, or other solutions, and when combined with BitLocker, it offers double encryption protection."
Meaning you couldn't secure it the first time?
Am I the only one who worries that 2 features allowed to encrypt files is going to cause more problems than it solves? And it sounded like IT staff cannot easily force decryption.
NT4 (Score:2)
Bring back the NT 3.5.1 privilege separation for servers.
Just have a different kernel as a backup (Score:2)
Re: (Score:2)
A backup kernel was not even required. Windows could mark that starting driver xyz resulted in a crash, so reboot the system and not load the driver.
Alternatively, the driver itself could have noted that it crashed and on next reboot run in "safe mode", basically doing nothing.
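The "mark the driver that was starting when we crashed, then skip it on the next boot" scheme the comment above describes, simulated in Python as an added example (not code from any poster, from Microsoft or from any real driver loader). The ledger file, the `DriverCrash` exception and the driver names are constructed for the demonstration.

```python
"""Simulated boot-driver quarantine using a write-ahead 'pending' marker.

Before each driver is started, its name is persisted to a small ledger; the
marker is cleared once the driver returns. A marker still present at the next
boot means that driver crashed mid-load, so it is quarantined and skipped.
"""
import json
import os
import tempfile


class DriverCrash(Exception):
    """Constructed stand-in for a bugcheck during driver initialisation."""


def _save(path, state):
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        json.dump(state, f)
    os.replace(tmp, path)  # atomic rename: a crash never leaves a torn ledger


def boot(ledger_path, drivers):
    """Run one simulated boot. `drivers` maps name -> init callable.

    Returns (loaded, quarantined, crashed). A crash ends the boot early,
    leaving the pending marker on disk exactly as a real bugcheck would.
    """
    state = {"pending": None, "quarantined": []}
    if os.path.exists(ledger_path):
        with open(ledger_path) as f:
            state = json.load(f)
    # A marker left over from the previous boot means that load never finished.
    if state["pending"] and state["pending"] not in state["quarantined"]:
        state["quarantined"].append(state["pending"])
    state["pending"] = None
    loaded = []
    for name, init in drivers.items():
        if name in state["quarantined"]:
            continue  # known-bad driver: do not load it again
        state["pending"] = name
        _save(ledger_path, state)  # write-ahead: survives the crash below
        try:
            init()
        except DriverCrash:
            return loaded, list(state["quarantined"]), True
        state["pending"] = None
        _save(ledger_path, state)
        loaded.append(name)
    return loaded, list(state["quarantined"]), False


def demo():
    """Two boots with a constructed driver set; the faulty one gets quarantined."""
    path = os.path.join(tempfile.mkdtemp(), "boot-ledger.json")

    def crash():
        raise DriverCrash("simulated bugcheck in badfilter")

    drivers = {"disk": lambda: None, "badfilter": crash, "net": lambda: None}
    return boot(path, drivers), boot(path, drivers)
```

The first boot stops at the faulty driver; the second boot finds its marker still pending, quarantines it and brings up the remaining drivers.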
recovering from Windows (Score:2)
So it installs Linux?
So test updates before releasing is not an option. (Score:2)
Microsoft admits fault or what (Score:2)
How is this not a clear that shitty Microsoft software was the root cause of the Crowdstrike disaster? And as sure as night follows day there will be another incident caused by shitty Microsoft software that it will be even more destructive and costly.
Friends do not let friends use Microsoft. (And please do not take this as an ad for Apple, which is just as shitty/dangerous in its own faux-cool way and maintains a lower profile because of less deployment plus Scientology level spin control.)