Microsoft unveiled the Windows Resiliency Initiative Tuesday, which follows the July global IT outage linked to a faulty CrowdStrike software update, according to a blog post from David Weston, VP of enterprise and OS security at Microsoft.
The effort is intended to advance the company’s prior efforts to overhaul its security culture.
“We are committed to ensuring that Windows remains the most reliable and resilient open platform for our customers,” Weston said in the blog.
Microsoft will allow IT administrators to make changes to Windows Update on PCs, even if the machines are unable to boot up. Administrators will not require physical access to the machines to make the necessary changes.
The service will be available to the Windows Insider Program community starting in early 2025.
Microsoft also plans to use safe deployment practices with endpoint security partners to make sure security upgrades are gradual and monitored. The goal is to minimize any negative results from rollouts.
Microsoft is enabling new capabilities for developers to allow the development of security products outside of kernel mode. For example, anti-virus solutions will be able to run in user mode in the same way apps are run. These changes will be in preview starting in July 2025.
Microsoft is gradually going to adopt safer programming languages by moving away from C++ to Rust.
Microsoft in November 2023 announced its Secure Future Initiative following the July state-linked attack against Microsoft Exchange Online, which led to the exfiltration of 60,000 emails from the U.S. State Department and other sensitive accounts.
The U.S. Cyber Safety Review Board blasted the company in a report saying Microsoft prioritized speed to market and feature sets over security.
The faulty CrowdStrike upgrade led to the crash of more than 8.5 million Windows devices, resulting in massive customer disruptions at airlines, hospitals, emergency services and financial institutions across the globe.
Microsoft held a summit with security partners from the U.S. and Europe to work on efforts to boost resilience.
The company shared an update on its SFI efforts to improve its internal governance and security culture, noting how employees are being held accountable for incorporating security concerns into the product development process.