Enhancing Windows Resilience Post CrowdStrike Incident: A Deeper Dive into Kernel Tweaks

Microsoft has announced through the Windows IT Pro Blog that in response to the CrowdStrike incident, the first thing they did was assemble a first responder team consisting of over 5,000 support members working 24×7 to help customers worldwide bring their systems back online.

Additionally, Microsoft introduced a Recovery Tool to aid in system restoration. The tool has gone through multiple version updates to meet customer demands. Its features include support for booting from WinPE, booting from safe mode, and booting over the network through PXE.

In terms of long-term prevention, Microsoft said that this event highlights the need for Windows to enhance its resilience and security. While it did not explicitly outline future actions, Microsoft's post cited two existing features that align with that direction:

1. VBS Enclave, which isolates user-mode software inside a Virtualization-Based Security (VBS) environment built on Hyper-V, keeping the running process separate from the kernel.

2. Microsoft Azure Attestation, a cloud service on Azure that assesses the trustworthiness of software binaries without relying on kernel-level agents.

Microsoft also recommends general IT system resilience techniques such as frequent backups, using Windows recovery features or Azure VM snapshots, staged deployment of updates, and cloud-based PC management for easier system recovery in case of issues.

TLDR: Microsoft responded to the CrowdStrike incident by deploying a first responder team and introducing a Recovery Tool. It emphasizes the need for enhanced resilience and security in Windows, pointing to VBS Enclave and Azure Attestation as features that fit that direction, and recommends IT resilience practices for organizations.
