Microsoft has unveiled its plans for significant improvements to the resiliency and security of Windows OS in the upcoming year. Learning from a major outage that happened in June 2024 due to the Crowdstrike agent and almost brought half the world to a halt, Microsoft started to work around making their OS more secure, resilient, and easier to patch.
Some of the major improvements include rolling out the Hotpatch feature, which will allow for live patching without the need to restart the system. Hotpatch has been in life for over a decade with Linux, and finally, Microsoft will be rolling it over to Windows 11 Enterprise 24H2 and Windows 365. Hotpatches are expected to make the patching process quicker and easier as well as will reduce the number of restarts needed after the patch gets deployed.
Another major step towards making systems more secure is to limit the privileges given to applications and users. Windows will prompt the user to authorize any request that needs higher privileges through its security application and will make standard user permission its default. This step follows the security principle of least privilege and is expected to make Windows OS more secure and hardened against attacks.
Microsoft also plans to offer more trusted applications and drivers in an attempt to counter phishing and malware attacks. The upcoming Windows printing daemon will have a lesser dependency on third-party drivers, thus making it more secure.
The inbuilt MFA solution Windows Hello has been further hardened and extended to support passkeys and protect user credentials. Users no longer need to choose between a simple sign-in and a safe sign-in. Windows Hello is also being used to protect Recall and Personal Data Encryption. Microsoft will also offer more encryption options, such as Personal Data Encryption for known folders. When enabled, a device administrator won’t be able to view file content until authenticated with Windows Hello.