Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

Nov 20, 2024Ravie LakshmananEndpoint Security / AI Research

Microsoft has announced a new Windows Resiliency Initiative as a way to improve security and reliability, as well as ensure that system integrity is not compromised.

The idea, the tech giant said, is to avoid incidents like that of CrowdStrike’s earlier this July, enable more apps and users to be run without admin privileges, add controls surrounding the use of unsafe apps and drivers, and offer options to encrypt personal data.

One of the most important features is Quick Machine Recovery that’s expected to be available to the Windows Insider Program community in early 2025.

“This feature will enable IT administrators to execute targeted fixes from Windows Update on PCs, even when machines are unable to boot, without needing physical access to the PC,” David Weston, vice president of enterprise and OS security at Microsoft, said. “This remote recovery will unblock your employees from broad issues much faster than what has been possible in the past.”

In another noteworthy update, Microsoft said it’s introducing new capabilities that will allow security tools to be run in user mode, just like regular apps, as opposed to relying on kernel access. The feature is set to be made available as a preview in July 2025.

With this change, the intention is to offer a way for easy recovery and reduce impacts at the operating system level in the event of a crash or an error.

Redmond further said it’s working with endpoint security partners to take specific steps to bolster resilience as part of what’s called the Microsoft Virus Initiative (MVI). These include gradual product update rollouts and recovery procedures, leveraging deployment rings, and ensuring that there are little-to-no negative consequences from applying those updates.

Some of the other changes the company is bringing to Windows are below –

• A hardware-backed security baseline for all new Windows 11 PC, such as TPM 2.0 and virtualization-based security (VBS) by default
• Administrator protection, where users have the security of standard user permissions by default, but can still easily make system changes, including app installation, when needed by authenticating using Windows Hello (Currently in preview)
• Support for passkeys in Windows Hello to facilitate phishing-resistant multi-factor authentication (MFA)
• Windows Protected Print, which eliminates the need for third-party print drivers
• Personal Data Encryption, an enterprise feature that secures files stored in the Desktop, Documents, and Pictures folders using Windows Hello
• Hotpatch in Windows to allow businesses to apply critical security updates without requiring a system restart
• Zero Trust DNS, which restricts Windows devices to approved domains and blocks outbound IPv4 and IPv6 traffic unless resolved by a Protected DNS server or allowed by IT admin
• Config Refresh, which helps protect PCs from configuration drift by automatically returning their settings to the preferred configuration (Available now)

The updates are also in line with Microsoft’s Secure Future Initiative (SFI), a multiyear commitment that aims to put security front-and-center when designing new products and counter cyber threats. It was first launched in November 2023.

The development comes as the company said it is expanding its bug bounty program with a new hacking challenge called Zero Day Quest to advance research and security in the areas of cloud and artificial intelligence (AI).

“This event is not just about finding vulnerabilities; it’s about fostering new and deepening existing partnerships between the Microsoft Security Response Center (MSRC), product teams, and external researchers – raising the security bar for all,” Tom Gallagher, vice president of engineering at Microsoft Security Response Center (MSRC), said.