The new Windows Resilience Initiative by Microsoft aims to prevent another incident similar to CrowdStrike.
The Windows Resilience Initiative encompasses numerous modifications.
The CrowdStrike crisis, which affected 8.5 million Windows PCs and servers in July, has led many of Microsoft's major customers to seek solutions to prevent a similar event from happening again. In response, Microsoft has launched the Windows Resilience Initiative, focused on improving the security and reliability of the operating system.
This new initiative includes fundamental changes to Windows that will enable customers to more easily recover their Windows-based machines after incidents like the CrowdStrike one. Improvements have also been made to the Windows platform to strengthen control over which applications and drivers can run, as well as to allow antivirus processing to occur outside of kernel mode.
To address the CrowdStrike incident, Microsoft has developed a feature called Quick Machine Recovery. This tool will allow IT administrators to remotely troubleshoot machines, even if they cannot boot properly. Quick Machine Recovery leverages enhancements in the Windows Recovery Environment (Windows RE).
David Weston, Vice President of Enterprise Security and Operating System at Microsoft, explained that in a similar future event, it would be possible to send an update from Windows Update to the Recovery Environment that allows for the centralized removal of problematic files for all customers. Since the CrowdStrike issue, Weston has collected requests from hundreds of customers, who have demanded better recovery tools and safer deployment practices from security providers.
Microsoft is now requiring security providers that are part of the Microsoft Virus Initiative (MVI) to adopt specific measures to improve security and reliability, such as enhanced testing and response processes, as well as secure deployment practices for updates to Windows PCs and servers.
The company is also collaborating with its MVI partners to facilitate antivirus processing outside the system kernel. CrowdStrike's software operates at this critical level of Windows, which allowed a faulty update to cause a Blue Screen of Death on the affected systems.
Weston explained that a new framework is being developed and that security providers are encouraged to participate in it, with a private preview scheduled to be available to Windows security partners in July 2025. During the Microsoft Windows Endpoint Security Ecosystem Summit in September, these improvements were discussed with Windows kernel architects.
For administrators in Windows 11, a new feature will soon be implemented that allows users to maintain standard user security while still being able to make system changes and install applications as needed. This Administrator Protection will temporarily grant administrator rights for specific tasks, ensuring that privileges do not persist after the task is completed.
Additionally, the White House has been promoting the use of memory-safe programming languages such as Rust, and Microsoft is making similar changes in Windows, gradually moving functionality from C++ to Rust to enhance the operating system's security.