Microsoft Takes Action To Avoid Another CrowdStrike Crisis And End Windows BSODs

If you follow Microsoft news, you may have heard about the Windows Resiliency Initiative that started last year. While at first glance this may appear to be just another marketing-driven campaign to fill a row of buzzword bingo, it appears that Redmond has genuinely been cooking up quite a few changes to Windows in a bid to increase the operating system's security and its ability to recover when things go seriously wrong -- as was the case with last year's CrowdStrike incident.

Microsoft describes a good handful of incoming upgrades in a blog post, and probably the biggest one for the OS in general is that future anti-virus and security packages will no longer run in the kernel. Instead, they'll be moved to userspace. What that means is that AV/security software won't be able to crash the entire system if it encounters a hiccup, as it will no longer be attached to the innermost part of Windows. Think of the difference between the bad old days, when the graphics card drivers crashing would trigger a system fault, versus the brief blink that happens today; the concept is precisely the same.

The famous CrowdStrike incident of 2024 happened for exactly that reason: since CrowdStrike was effectively a part of the OS, when it crashed, it took everything with it, and since it was part of the system boot process, Windows could no longer start at all. After this change, if your security software crashes, it'll leave the system in a recoverable state, or possibly have no effect at all. These changes will require security suite vendors to do some legwork to make their wares conform to the new architecture. That seems to be well on the way, given the blog post contains a few choice quotes from names like BitDefender, ESET, TrendMicro, and of course, CrowdStrike itself, all stating their commitment to the new security model.

The BSOD is dead, long live the new BSOD

That's far from the only change coming. Microsoft is killing the almost-endearing blue screen of death (BSOD), though not in a literal sense. The color will indeed change to black and the info layout will change; in addition, the crash process and diagnostic data collection are expected to take at most 2 seconds on most machines. This change will come into effect "later this summer" on every Windows 11 24H2 device.

Perhaps even more importantly, in the same timeframe, Windows will gain the Quick Machine Recovery (QMR) ability that's currently in testing. In essence, this is a complement to the existing Windows Recovery Environment that can connect to a network and check Windows Update for any hotfixes in a critical non-booting scenario. Using the aforementioned CrowdStrike incident as an example, if QMR existed back then, it would trigger after a couple or three failed reboots and fix the issue with a patch from Windows Update. This feature will be enabled by default on all Windows 11 Home 24H2 installations, while Pro and Enterprise versions can have it managed by network administrators. Microsoft claims that QMR will gain more abilities later this year.

Windows has been the target of many jokes over the years (including by this writer) over some of its bugs, features, and design choices, so it's refreshing to see Microsoft executing on actual, tangible improvements to the operating system instead of adding more Edge-begging pop-ups or OneDrive subscription adverts.