Microsoft Announces New Security Features for Windows
Microsoft has announced new security features for the Windows operating system, aimed at strengthening user confidence.
The announcement follows the serious CrowdStrike outage in the summer of 2024, which affected about 8.5 million computers worldwide.
The incident, linked to a faulty CrowdStrike software update, caused a “blue screen of death” (BSOD) that shut down many systems, severely impacting industries and public services.
In response, Microsoft has announced a series of major improvements to the Windows operating system, focusing on stronger security, better stability, and a more capable system recovery mechanism for similar incidents.
Remotely restore faulty machines
During the July incident, IT administrators were unable to troubleshoot the problem remotely because the affected computers were stuck in a continuous boot loop. To deal with such situations, Microsoft developed the Quick Machine Recovery feature, which provides a quick and effective recovery solution.
The feature is expected to be open to the Windows Insider community for testing in early 2025, promising to significantly improve system resilience and reduce downtime.
This remote recovery tool is designed to handle Windows Update-related errors on PCs, even when the system fails to boot. The most notable feature is that it completely eliminates the need for physical access to the device, providing superior convenience and efficiency in remote troubleshooting.
"This remote recovery feature will provide the ability to quickly resolve major incidents, helping your staff get back to work more effectively than ever," said David Weston, Vice President of Enterprise Security and Operating Systems at Microsoft.
Remove unnecessary components, including built-in antivirus software.
Many changes are being implemented to reduce the reliance of applications and users on administrative rights. Microsoft views excessive privileges held by applications and users as one of the persistent challenges that requires a radical solution to improve security and system stability.
Windows is currently testing a new Administrator protection solution that sets standard user rights as the default. When users need to make system changes that require administrative rights, such as installing an app, they will be asked to authorize through the Windows Hello security system. This not only ensures that changes are made securely, but also provides additional protection against unauthorized access or potential threats.
Security will be enhanced by using temporary, fully isolated administrator tokens to perform tasks that require elevated access rights. This approach helps reduce the risk of attacks, protecting administrator rights from abuse or unauthorized access.
“This temporary token is immediately destroyed when the task is complete, ensuring that administrator privileges do not persist. Administrator protection helps ensure that the user, not malware, remains in control of system resources,” Weston said in a blog post.
Potential attackers will be thwarted because they will no longer be able to automatically and directly access the operating system kernel or other critical system resources without specific permission.
This means that security products, such as antivirus software, can run in user mode just like regular applications, increasing flexibility and reducing the risk of compromising system stability.
In July 2025, Microsoft plans to launch a private developer preview focused on this groundbreaking change in the security product ecosystem. The goal is to provide a higher level of security while ensuring that Windows is less vulnerable to crashes or errors, creating a more secure and stable environment for users.
Under the new initiative, Microsoft will require partners to deploy security product updates in phases, using a controlled deployment process combined with a strict monitoring mechanism. The goal is to ensure that any negative impacts from updates are detected and minimized, providing stability and security for users.
According to Microsoft's 2024 Digital Defense Report, the number of incidents involving users abusing access to steal tokens has skyrocketed, reaching an alarming 39,000 cases per day.
Focus on reliable apps and drivers
Microsoft recommends that businesses use intelligent application control policies to eliminate attacks like malicious attachments and socially engineered malware.
IT administrators can now simplify the process by selecting the 'signed and trusted policy' template in the application control wizard. This option allows verified, highly trusted applications to work seamlessly regardless of deployment location. For enterprise applications that are not Microsoft-certified, administrators can easily add them through custom policy changes or by deploying through the Microsoft Intune application management system.
Hotpatch feature is now available on Windows
Hotpatch (or Hot Patching) is a software update technique that allows bug fixes or upgrades to be applied while the system or application is still running. This feature eliminates the need to reboot the system, minimizing downtime, which is especially important for enterprise systems or servers.
“Hotpatch is now rolling out to Windows 11 Enterprise 24H2 and Windows 365, bringing a new level of seamless update experience to users,” said Weston.
Hotpatch will shorten the time to apply critical security updates "by up to 60% from the time the security update is made available."
Microsoft also believes the new feature will reduce the number of system reboots required from 12 a year to just four.
Other features enhance privacy and security
Microsoft is expected to focus on a slew of advanced security features at its annual Ignite 2024 tech event in late November. The tech giant is making a major shift in its security strategy by adopting more secure programming languages. This includes gradually switching from implementing functions in C++ to Rust, in order to better protect systems from common security vulnerabilities.
To further protect credentials, Microsoft has upgraded its multi-factor authentication (MFA) solution with Windows Hello and expanded support for password locks. With this improvement, users no longer have to compromise between simplicity and security when signing in. Additionally, Windows Hello is now used to protect features like Recall and personal data encryption, providing a more comprehensive layer of security for users.
Microsoft is expanding its encryption options to improve security, including Personal Data Encryption for Known Folders. When enabled, file contents are fully protected and can only be accessed after authentication via Windows Hello, and even device administrators cannot view data without passing this security layer.
Zero Trust DNS, launched by Microsoft in May 2024, provides advanced access control for IT administrators. It allows administrators to restrict access to unapproved domains and block outbound traffic via IP address. By default, Zero Trust DNS blocks all outbound traffic except for essential services, ensuring a secure network environment that adheres to maximum security principles.
In addition, a new Config feature is now available, giving administrators the ability to automatically restore system settings to their default state. This is especially useful in cases where settings are unintentionally changed by other users or applications, helping to ensure the system is stable and operating in its original configuration.