CrowdStrike backs Microsoft’s demand for reducing kernel-level access
- by nlqip
“Certain events must be tapped into at the kernel level and responded to accordingly, but the whole signature matching process doesn’t need to happen there,” Florian Roth, head of research at Nextron Systems, wrote in an X post. “It could reside in another component, limiting the kernel module to essential tasks only.”
“Ideally, such privileged access should be governed stringently, ensuring adequately tested, digitally signed software with limited privileges is used,” said Sunil Varkey, advisor at Beagle Security. “Collectively, a new approach to balance between risk and effectiveness is needed.”
Kernel access represents a significant point of vulnerability because it enables deep system-level interactions, which, if exploited, can result in extensive disruptions and breaches. By restricting kernel access, Microsoft aims to minimize the potential for such vulnerabilities.