Microsoft is rewriting core Windows libraries in the Rust programming language to improve memory security. Rust is a memory-safe language, and its toolchain is mainly aimed at preventing developers from building and sending exploitable code. This helps prevent malicious parties from exploiting vulnerabilities in the code. A Consumer Reports study published in January found that “roughly 60 to 70 percent of vulnerabilities in browsers and kernels — and security flaws in C/C++ codebases — are due to memory insecurity. Microsoft’s competitors are also looking to Rust for memory-safe code, with Google exploring its use for the Android platform since 2021. David Weston, director of OS security for Windows, announced the development of Rust in the Microsoft kernel at BlueHat IL 2023 in Tel Aviv, Israel, last month. However, the migration from C++ will not happen overnight. Weston told the audience, “Rewriting Windows in Rust probably isn’t going to happen any time soon, so while we love Rust, we need a strategy that includes securing more of our native code.”
