Microsoft is moving antivirus software outside the Windows kernel

Nearly a year has passed since the CrowdStrike update crippled approximately 8.5 million Windows-powered computers worldwide. To prevent similar incidents from recurring, Microsoft plans to move antivirus (AV) software and endpoint detection and response (EDR) systems outside the operating system kernel.

The new Windows platform is being developed in close collaboration with leading security vendors, including CrowdStrike, Bitdefender, ESET, Trend Micro, and many others. Microsoft representatives emphasize that the company isn’t imposing its own rules but rather working jointly with partners to establish them.

Reports indicate that Microsoft will soon launch a closed preview version of the new security platform. This will allow security developers to test the changes and provide feedback. The company anticipates several iterations will be needed before the platform is ready for full-scale deployment.

The transition to the new system won’t happen overnight. Implementation will begin with antivirus and EDR software, though completely eliminating kernel drivers isn’t yet feasible.

Kernel drivers are also used by anti-cheat systems in video games. Microsoft is in discussions with game developers about ways to reduce kernel-level access in Windows, but this remains a significant challenge. Notably, cheat developers deliberately tamper with the operating system to bypass security measures.
