“Ideally, such privileged access should be governed stringently, ensuring adequately tested, digitally signed software with limited privileges is used,” Varkey added. “It is also important for the OS vendor to be transparent to its partners on their potential vulnerabilities and risks, which could impact the stability of the Kernel.”
However, the CrowdStrike incident, with its catastrophic impact, seems to have given Microsoft enough of a push to bring that conversation back to the table.
“Now, Microsoft’s decision to block kernel-level access to third parties could reduce the potential risk of such incidents,” said Varkey. “However, all third-party vendors currently having kernel access privileges may have to find a new approach in collaboration with OS vendors to achieve their objective.” Otherwise, security solutions offered by OS vendors may become the default and the only solution, Varkey added.