Rust in Windows — it’s Official — Safe and Fast

Starting with ancient, vulnerable legacy code, Redmond team rewrites chunks in trendy secure language.

It’s an open secret that Microsoft loves Rust, but we only just learned that it’s rewriting Windows libraries in the fashionable memory-safe language. Microsoft security VP David Weston has revealed much more detail, to the excitement of many.

But don’t expect a wholesale rewrite any time soon. In today’s SB Blogwatch, we can’t wait for the next Insider build.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Scientists aren’t supposed to fabricate data.

40-Year-Old Code

What’s the craic? Thomas Claburn quips—“Now that’s a C change we can back”:

Growing industry support
Microsoft is rewriting core Windows libraries in the Rust programming language, and the more-memory-safe code is already reaching developers. David “dwizzle” Weston, director of OS security for Windows, announced [it] at BlueHat IL 2023 in Tel Aviv.

The Rust toolchain strives to prevent code from being built and shipped that is exploitable. … Rust is focused on memory safety and similar protections, which cuts down on the number of bad bugs in the resulting code. … Amid growing industry support for memory-safe programming, Microsoft’s exploration of Rust has become more enthusiastic.

It’s happening. Sayan Sen says so—“Windows 11 kernel will soon be booting with Rust inside”:

Able to pass all tests
Microsoft … has been interested in this language for several reasons and one of those happens to center around memory safety and security that Rust offers. … Weston discussed the progress Microsoft has been making with Rust as part of the Windows kernel.

Weston added that 36 thousand lines of code have been added so far and there are also no major performance regressions in tested scenarios. The Win32k GDI … was able to pass all tests when booting on Windows.

ELI5? Alfonso Maruccia adds context—“Microsoft adopts Rust”:

Highly effective solution
Rust is a fast, memory-efficient programming language created by Graydon Hoare while working at Mozilla. … Rust offers native performance for various types of applications, including computer software, low-resource devices, and embedded appliances. Aside from its performance, one of Rust’s main attractions is the fact that the language was designed to provide memory safety from the outset, thereby eliminating many categories of bugs and potential vulnerabilities at compile time.

Historically, the vast majority of security issues encountered on the Windows platform have been memory-related bugs. Rust can provide a highly effective solution to this long-standing problem. … Windows 10 and 11 are written in C, C++, C#, and assembly language, with millions of lines of code that will likely never undergo a complete, Rust-based overhaul.

Horse’s mouth? David Weston—“Default Security”: [Any transcription errors are mine]

Safety and performance
We think we’ve run out of steam on ways to stop exploit techniques. … We have a challenge of the … growth in the number of memory safety vulnerabilities and a reduction in viability of our exploit mitigations. … And that’s caused us to rethink our strategy.

I hate to tell you … Rust fans out there, rewriting Windows in Rust probably isn’t going to happen anytime soon. … We’re talking about one of the most complex engineering projects on the planet … so making sure that Rust is going to work at this billion user scale is very important for these first stages. … Much as we love Rust, we know it’s probably not the solution to rewrite the last 40 years of C and C++ code in Rust. … So we are tackling the oldest and largest challenges [first].

Font parsing is a critical attack surface for memory safety that we want to target, so it’s one of the first things we looked at. … The second experiment has been with GDI and Win32k [which was] actually designed in the late 80s and 90s [and] may or may not have bugs occasionally. … I’m told on good authority … that this will be in Insider previews shortly.

The thing that I was most excited about showing you … is that performance increased 5–15%! So not only do we get memory safety, we got a boost in performance. … I’m sure the Rust crowd out there will say, “See? I told you we can have safety and performance.”


Sounds great. cookieperson noms it up:

Developing in Rust is so much easier than other languages I’ve used. Took a while to get the hang of it [but] it’s honestly a wonderful experience. Can blindly follow types or hone in on performance critical areas without sketchy bugs.

Ironic name for something being used to tidy up legacy code. So says StormReaver:

I don’t care about names, but I am curious as to what compelled the creators to name their product after something that has decayed due to lack of maintenance and caring.

Get with the program. karlkarl won’t:

Personally I feel that building safety upon C is still the way to go. … However, it will be impossible to get developers to [do that]. A new language always seems more exciting, even though it drags in the same old problems of bindings. I am just not convinced by Rust, even though it does seem to be seeing some success currently in kernels where package manager bandages to the bindings problem (crates.io) are less available.

But Windows, though? lbriner facepalms furiously:

My concern is that Windows is already a massive dumpster fire of random bits and bobs. They haven’t completed the migrations from the very earliest versions of Windows, they just increase the complexity at all points. The same is true of most of their major desktop apps including Visual Studio, which runs something like 30 processes just to have the main window running including a hotchpotch of EdgeView and Node.js bits.

Meanwhile, u/JesusWasACryptobro sounds slightly cynical:

Well that’s good for Rust’s testing anyways. If any company could manufacture incompetence capable of breaking an idiot proof language it’s M$.

And Finally:

Dirty barnacles


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: Raquel Smith (via Unsplash; leveled and cropped)

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
