Nearly one year after the CrowdStrike outage, Microsoft announced plans to reduce disruptions and work with cybersecurity vendors to prevent similar disruptions.The July 18, 2024, outage, caused by a faulty CrowdStrike Falcon update, left approximately 8.5 million Windows machines unable to boot. The incident raised questions about Microsoft’s quality assurance processes, especially with regard to software with kernel-level access, including Falcon and other cybersecurity tools.“All of us who worked with Windows NT in the 1990s on Intel processors was flabbergasted that Microsoft did not isolate device drivers above ring 0 (most privileged),” Analog Informatics Founder and CEO Philip Lieberman told SC Media in an email. “Everyone who develops device drivers knows that the smallest bug would crash the operating system and make debugging these drivers a nightmare to this day.”New changes to Windows that will allow cybersecurity vendors to build solutions that run outside of the kernel were among the updates announced by Microsoft in a blog post last week.These updates were a follow up to the introduction of the Windows Resiliency Initiative in November 2024, as well as the September 2024 Windows Endpoint Security Ecosystem Summit that sought to address resiliency after the CrowdStrike incident and was attended by several endpoint security vendors and government officials.Microsoft said improvements to the Windows endpoint security platform “means security products like anti-virus and endpoint protection solutions can run in user mode just as apps do.”A set of Microsoft Virus Initiative (MVI) partners are expected to gain access to a private preview of the new Windows platform next month.Additionally, Microsoft’s newest iteration of the MVI program, MVI 3.0, will require new commitments from vendors, including new testing processes and update procedures. Vendors will be required to follow safe deployment practices (SDP) for updates, utilize deployment rings so updates roll out gradually, and monitor updates for any negative impacts.“With the introduction of MVI 3.0, we’ve successfully met all the new standards and recognize how these rigorous requirements strengthen the overall ecosystem,” CrowdStrike Chief Technology Innovation Officer Alex Ionescu said in a statement.Microsoft also published a Windows Resiliency Initiative e-book last week and expanded on additional changes coming to Windows 11 24H2 later this summer that aim to reduce disruptions and speed up recovery from unexpected crashes and restarts.One notable change is the retirement of the infamous Blue Screen of Death (BSOD) for unexpected restarts, which will be replaced with a more simplified black screen relaying the technical details about the crash.Another feature coming to Windows 11 24H2 is quick machine recovery (QMR), which was first announced a Microsoft Ignite 2024 and previewed in beta for Windows Insiders in March 2025. This new feature is designed to automatically diagnose and resolve critical issues, reducing the need for manual intervention and speeding up recovery times.Earlier this month, Microsoft introduced Windows 365 Reserve, described as a “temporary, pre-configured Cloud PC” that can be accessed when a user’s main Windows machine is not available, a further measure to reduce business disruptions from unexpected crashes.Hotpatch updates, which deliver security updates without the need for a restart and first became available for Windows 11 Enterprise version 24H2 on x64 CPU devices in April 2025, were also highlighted.
Endpoint/Device Security, Business continuity, Patch/Configuration Management
How Microsoft plans to improve resiliency 1 year after CrowdStrike outage
Microsoft says it will soon replace the “Blue Screen of Death” with a more minimalistic black screen. (Credit: Vista Vault – stock.adobe.com)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds