Editor | Yun Zhao
More than five years have passed, and Microsoft has handed over half of its life to Rust.
As we all know, Microsoft has been grappling with Windows security issues for decades, one of the nightmares being the global computer blue screen incident in July last year, which attracted seismic attention.
Now, the company intends to use Rust to solve it, hoping everyone will follow suit.
Hold on, let’s take a look at a Rusty version of Microsoft. Microsoft has actually come a long way on the Rust path!
Some parts of the Windows kernel have already been rewritten in Rust.
In September, Microsoft Azure CTO Mark Russinovich delivered a keynote speech titled “From Blue Screens to Orange Crabs: Microsoft’s Rust Revolution” at RustConf 2025, where he compared the current state of Windows kernel vulnerabilities to “an underground oil depot that leaks a few drops of oil each time, but keeps leaking.”
The problem lies with: C and C++. The code may look fine, but crashes can be exceptionally severe and can be easily exploited. Microsoft’s own kernel leaks privilege escalation vulnerabilities every month in Win32k.sys (responsible for graphics and windows).
Thus, they began rewriting parts of the kernel in Rust. Not all of it, just some modules. If you check the System32 folder in Windows now, you will see a win32kbase_rs.sys file, which contains Rust code running in the kernel.
Why is the Rust version of the kernel so effective?
The key point is: when security researchers find vulnerabilities in the Rust version, the system crashes directly, rather than being exploited by attackers, Russinovich said.
“We consider this a success,” he said. “If it were written in C++, this vulnerability could lead to privilege escalation instead of an unexploitable blue screen.”
Microsoft has also rewritten DirectWrite (the font renderer), a module that has had ongoing issues for years. Two developers spent six months writing 154,000 lines of Rust code. The new version is not only faster than the old one but also free of those old problems.
Rust Fully Penetrates Azure
In addition to the Windows kernel, the Azure department, which is under its own management, is also taking action.
For years, Russinovich has been promoting Rust internally at Microsoft. Even before he had the authority to issue formal orders, he told the team: do not use C/C++ for new projects unless you can accept garbage collection; otherwise, use Rust.
Now, as Azure CTO and Deputy CISO, he has made it clear:
“Using or adding C++ is too risky; it cannot be done.”
In practice, the actions are indeed aggressive:
-
Caliptra Hardware Root of Trust is written entirely in Rust, from ROM to firmware to simulator.
-
Azure Boost (a system for managing servers and handling network offloading) mandates that all areas processing “untrusted input” must be rewritten in Rust, and new agents must also be written in Rust.
-
Hyper-V (Microsoft’s virtual machine manager, one of the safest software, starts in 1.5ms) has begun to be Rustified, with ARM64 emulation support written in Rust. Microsoft has also launched OpenVMM (an open-source virtual machine manager) that is compatible with Hyper-V, Windows, Linux, and KVM, and is entirely written in Rust.
-
There is also the Hyperlight project, an open-source library written in Rust that uses virtualization protection to securely execute small function calls.
Additionally, this year Microsoft launched the Azure Rust SDK.
Office & Data Systems Also Rewritten in Rust
Better Performance, Less Memory Usage
The problem Office faced was that DiskANN (the semantic search system) could support hundreds of nodes for Bing but could not handle millions of documents for Office.
As a result, the team directly rewrote it in Rust. Performance improved, and memory usage decreased. Some teams within Office even convinced themselves to “go all in on Rust,” believing that Rust’s concurrency handling is superior to C#.
Azure Data Explorer demonstrated the process of large-scale migration: a developer spent a year porting the storage layer to Rust, and later the query engine followed suit. It now handles hundreds of PB of data, with Rust code comprising 350,000 lines, while C# has 2.3 million lines, and C++ is decreasing.
Integration of Rust with Existing Systems
Microsoft released a MSBuild Cargo plugin that allows teams to embed Rust modules into C++/C# projects.
Russinovich stated that this is due to practical considerations: “We cannot let teams directly discard millions of lines of runnable code.”
The plugin mechanism is straightforward: Rust code is compiled using Cargo, and MSBuild treats it as a dependency. However, Microsoft has invested significant effort in resolving linking and ABI compatibility issues. The plugin has been open-sourced, making it easy for other companies to reuse.
Pragmatic Rust Guidelines for AI
Microsoft also released internal Pragmatic Rust Guidelines— an enterprise-level Rust development manual, available in two versions:
-
Human Version: for newcomers, covering error handling patterns, FFI best practices, asynchronous runtime choices, etc.
-
AI Optimized Version: formatted specifically for AI assistants like Copilot, which can be directly included in prompts for AI to follow.
This indicates that Microsoft not only values developers but also considers the popularization of AI-assisted programming.
Rewriting the “Crown Jewel”: SymCrypt
Russinovich announced that Microsoft is rewriting SymCrypt— Microsoft’s core cryptographic library that supports all encryption for Windows, Azure, and Office.
More importantly, Microsoft Research is using formal verification tools in Rust to prove the mathematical correctness of the new code and can reverse-translate it back to C++ for easier integration.
New post-quantum algorithms (such as ML-KEM) are also implemented directly in Rust from scratch. This means Microsoft is not just piloting but positioning Rust as a primary language in the cryptography field.
Moreover, even third-party drivers are to be Rustified
More aggressively, Microsoft hopes hardware manufacturers and driver developers will write drivers in Rust. They have created a windows-drivers-rs framework to connect Rust to the Windows Driver Kit (WDK):
-
wdk-build: integrates Cargo into the Windows build system
-
wdk-sys: provides raw access to Windows driver APIs
-
wdk: offers safer encapsulation
-
cargo-wdk: creates and compiles drivers like a regular Rust project
You can now write KMDF, UMDF, WDM drivers and load them on Windows 11. However, since the Windows kernel API is not designed for memory safety, many places still require writing unsafe Rust. Microsoft is developing safe encapsulations to allow most drivers to use “safe Rust.”
Microsoft’s internal developers were initially intimidated by Rust
Internal surveys at Microsoft found that developers were initially intimidated by Rust, especially those from a C++ background. However, after a few months, they adapted to Rust’s borrowing checker and even found it more enjoyable to write.
What they liked most:Performance improvements + Elimination of bug categories.What they liked least:
-
Pain of mixing C++ / C#
-
Difficulty in asynchronous debugging
-
Issues with dynamic linking
But the charm of Rust lies in the fact that even with these complaints, no one wants to give up Rust.
Microsoft’s Secret Weapon for Porting: Using AI to Translate C++ to Rust
Microsoft is developing AI tools that can automatically translate entire C++ codebases into Rust using GraphRAG technology, maintaining the original structure and functionality.
Russinovich demonstrated a tool that can automatically translate Python applications into Rust while preserving project structure and functionality.
He showcased a Python side-scrolling game of about 200 lines. Traditional LLMs produce “garbage code” in translation, while the GraphRAG tool can generate compilable and runnable Rust versions.
While it is still unclear if this can scale to million-line C++ projects, if mature, this will address Rust’s biggest adoption barrier:High porting costs.
Microsoft’s Half-Life Has Been Handed Over to Rust
“We believe that memory-safe languages like Rust represent the future of software engineering.”
The NSA in the United States also supported the migration to memory-safe languages as early as 2022, and the Linux kernel has also supported Rust. An industry trend is forming.
Microsoft hopes hardware manufacturers will write Rust drivers, so they do not have to bear the security burden alone. As long as security improvements can be proven and the tools are sufficiently refined, the ecosystem can gradually shift.
Early results indicate that Rust code can “fail safely” in critical systems rather than being exploited. Microsoft has already implemented it in the kernel, virtualization, and cryptographic libraries, and now they hope the entire ecosystem will catch up.
Russinovich admitted: Rust is penetrating Microsoft’s core infrastructure and will only accelerate. The driver framework is just the latest step in this major transformation.”
From the rewriting of the Windows kernel and Office data systems to the integration with existing software and the large-scale code migration using GraphRAG technology, as well as the Rustification of the third-party driver framework, it is evident that Microsoft’s investment in Rust goes far beyond mere “experimentation.”
It can be confirmed that with the combination of AI translation tools and seamless build integration, the threshold for Rust is lowering, potentially triggering an industry turning point.
The popularization of Rust is bound to rely on the substantial investment of software giants. For instance, Microsoft has already bet half of its life on Rust.
Reference link:
https://thenewstack.io/microsofts-rust-bet-from-blue-screens-to-safer-code/
——Recommended Reading——Microsoft advised him to charge earlier! The founder of design giant Figma reveals the launch model of his product, admitting that it is not a competitor to Cursor, sharply commenting: We are still stuck in the DOS eraAlibaba’s latest multimodal model has succeeded! Real test: multi-image synthesis pose at will, real-time video dialogue, smooth switching between 7 languages in one minute, unexpectedly discovered: training data cutoff last yearTop Rust expert laid off and helplessly posted for a job, AI took away budget resources! Follow-up: Found a new job, self-studied GPU programming in the first week, Rust employment is uncertain, new software era