
Microsoft reveals ideas to improve Windows security updates after CrowdStrike incident

A few weeks ago, Microsoft announced that it would be holding a special event, the Windows Endpoint Security Ecosystem Summit. The goal was to gather ideas and solutions for better Windows security and to improve the release of security updates for Windows PCs, including those from third-party vendors. The summit was announced in the wake of the buggy CrowdStrike update that was sent out in July and caused millions of Windows PCs to crash for an extended period of time.

The summit took place on September 10, and today Microsoft published a blog post summarizing the topics discussed. Although the company admitted that the summit “was not a decision-making meeting,” today's blog post offered some short-term and long-term ideas for improving Windows security and updates.

Microsoft said it agreed that both security companies and their customers “benefit from having options for Windows and choices in security products.” This includes the companies sharing information about how their various security systems work, how they develop and ship updates, and how they deal with issues like the CrowdStrike update.

Microsoft announced that it will be releasing its own Safe Deployment Practices (SDP) in the near future and talked about how security vendors can share their practices around data, tools and processes. The blog added:

“We face a number of common challenges in securely delivering updates to the large Windows ecosystem, from deciding how to perform measured rollouts with a wide range of endpoints to being able to pause or roll back when needed. A core SDP principle is the gradual and phased deployment of updates sent to customers. Microsoft Defender for Endpoint publishes SDPs and many of our ecosystem partners such as Broadcom, Sophos and Trend Micro have also shared how they handle SDPs.”

The aim is to work with providers and “develop a common set of best practices.”

Other short-term solutions discussed at the summit, according to Microsoft, include increased component testing and improvements in “compatibility testing for different configurations.”

Longer term, Microsoft and summit participants discussed introducing additional security improvements in Windows 11 outside of kernel mode. They also discussed other related topics, including:

  • Performance requirements and challenges outside of kernel mode
  • Tamper protection for security products
  • Requirements for safety sensors
  • Principles of development and collaboration between Microsoft and the ecosystem
  • Secure-by-design goals for future platforms

Finally, Microsoft stated:

“We are competitors, not adversaries. The adversaries are those we must protect the world from. We are grateful for the support and input of this community and look forward to the ongoing conversations and work ahead.”

There is no information on when or if another similar summit will take place.