Can Rust Replace C/C++ to Prevent the Next CrowdStrike‑Induced BSOD?

Last week a massive wave of Windows blue‑screen crashes (BSOD) worldwide was traced to a mis‑configured update from the security vendor CrowdStrike, prompting Microsoft officials to call for better coding practices.

Microsoft Azure CTO Mark Russinovich urged developers to gradually retire C/C++ in favor of the memory‑safe language Rust to reduce system crashes, noting that the CrowdStrike issue was unrelated to this recommendation.

Null pointers are a common cause of BSODs, stemming from memory errors, driver problems, and the fact that Windows kernel is written in C/C++. A debate arose when a former Google engineer blamed C++ null‑pointer bugs, a claim later refuted by Google researcher Tavis Ormandy.

Turning to Rust

Microsoft has long supported Rust and is migrating internal codebases, though the transition from C/C++ is gradual. Prototype applications are being built to demonstrate Rust’s compatibility with Windows, and Rust is already used in peripheral firmware protecting system hardware.

UEFI firmware

Microsoft is creating secure‑boot modules for Surface hardware using Rust. UEFI code runs at startup; rewriting it in Rust provides memory‑safety mechanisms that help prevent crashes and exploitation.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged enterprises to adopt memory‑safe technologies, noting that most modern languages beyond C/C++ already provide such safety.

Using Rust to protect PCs

Microsoft’s Secured‑core initiative, led by Dave Weston, is converting many firmware components from C to Rust, improving stability and reducing attack surface. The company also built a fully Rust‑written real‑time operating system for its Pluton security processor, which includes a TPM for storing biometric data.

Memory leaks have historically plagued TPM implementations; Rust’s safety guarantees can mitigate these issues.

Microsoft’s "love story" with Rust

About a decade ago Mozilla introduced Rust components into Firefox, and since then many developers have adopted the language. Other memory‑safe languages such as Go, Java, C#, Swift, and Python are also mentioned.

Microsoft conducted two experiments to evaluate Rust’s feasibility and performance. The first rewrote the DirectWrite font parser used in browsers and Office, yielding noticeable performance gains after a two‑to‑three‑month effort. The second split parts of the legacy Win32k graphics subsystem into Rust modules, successfully integrating them into new Windows releases.

Rust’s backend leverages LLVM, allowing it to interoperate with existing Visual C++‑compiled code.

Rust in Azure

Azure is heavily adopting Rust, including a Rust‑written virtual machine manager for Hyper‑V and a Rust rewrite of Azure Boost, described as "Azure’s future architecture." Microsoft has invested roughly $10 million in Rust tooling for Azure, with plans to offer long‑term support similar to Linux distributions.

Happy Rust!