Windows has a new recovery mode and other features that will prevent the CrowdStrike crash from happening again

After the devastating CrowdStrike outage in July this year, Microsoft promised to improve the situation, although it insisted that the event was more of a force majeure event. Today at the Microsoft Ignite 2024 event, the company announced changes made to the Windows operating system that should eliminate the possibility of such incidents repeating. Unfortunately, some of these changes will not take effect soon.

Image source: Microsoft

Quick Machine Recovery is a new tool that will be available in early 2025. It will allow IT administrators to remotely make certain software fixes if a Windows PC is unable to boot.

Microsoft is also testing a mode that allows security products such as antivirus software to run outside of “kernel mode” – just like most “regular” Windows applications. The launch of a preliminary version of the new mode is scheduled for July 2025. Microsoft says this will address the root cause of the CrowdStrike outage, where a software update caused problems in the Windows OS kernel, causing widespread failure of affected PCs.

«This change will help security developers ensure a high level of security [and] easier recovery, and in the event of a crash or error, Windows will be less impacted,” said David Weston, Microsoft vice president of enterprise and OS security.

Microsoft also introduced a preview of Administrator Protection, a feature that will allow Windows users without administrator rights to make system changes to their PCs if necessary. Administrator Protection creates a temporary, isolated token that grants users administrative rights, and immediately self-destructs once the user’s task is completed.

According to Weston, “Administrator Protection, if a system change requires administrative rights, such as installing some applications, will prompt the user to securely authorize the change using Windows Hello.” He believes this approach will improve Windows security “because they no longer have automatic direct access to the kernel or other security-critical system without special permission.”

Microsoft has also added “hot patch” capability to preview versions of Windows 11 Enterprise 24H2 and Windows 365. Hot patching involves downloading updates in the background and applying them immediately, eliminating the need to reboot the device and reducing the likelihood that an update will be delayed by the user.

Microsoft is currently under scrutiny by US government agencies both due to the high-profile CrowdStrike incident and its insufficient response to hackers who breached its internal systems. Regulators believe that Microsoft’s corporate culture “devalues ​​investments in security and risk management.”

Following high-profile hacks and damning government reports, Microsoft CEO Satya Nadella declared security the company’s top priority. Microsoft says the equivalent of 34,000 full-time engineers are currently working to overhaul the company’s cybersecurity practices. Each company employee is now assessed on their contribution to safety in addition to regular performance reviews.