Software update released by cybersecurity firm CrowdStrike in July 2024 has compatibility issuesCaused blue screen of death on approximately 8 million computers worldwide, the outage had a serious impact on multiple industries, especially airlines that relied on Windows NT.
After the incident, Microsoft issued a document revealing that the root cause of this situation lies in EU policies. The EU requires Microsoft to grant security software developers the same rights as Microsoft. That is, Microsoft's anti-virus software can run in the kernel, and Microsoft must also allow security software such as Kaspersky to also run in the kernel. However, in order to avoid a repeat of the CrowdStrike incident, Microsoft has made plans to move the security software drivers out of the Windows NT kernel, so that even if incompatible drivers appear again, they will not cause large-scale blue screen of death incidents again.
Specifically, Microsoft has developed a program called Windows Resiliency Initiative (Windows Resiliency Initiative, WRI). WRI aims to integrate resiliency into the Windows NT kernel, covering software updates, third-party integration and endpoint security technologies.
The core of WRI is to move anti-virus software and endpoint protection tools from the Windows NT kernel to user mode, that is, subsequent anti-virus software will run in user mode rather than in the kernel, and even if a problem occurs, it will not cause the entire system to crash.
Microsoft said it is working with partners in the security industry to develop WRI with the goal of maintaining high security standards while reducing interruptions. Microsoft will soon provide these features to security partners in a private preview. It is expected that there will be a specific release time at the Ignite 2025 conference in November this year.