In every version of Windows since Windows NT, the most fundamental component of the OS is the kernel.
Here’s a relatively simple explanation of the kernel and why keeping it updated is important — and also a bit chancy.
Understanding the foundation of Windows
Windows, like most operating systems, is built of layers of code. The bottom layer is the executive manager of the OS. Called the kernel, or kernel mode, it ultimately controls and has access to every part of the computing system, both hardware and software. The top layer, user mode, is where our applications run. Code in user mode cannot touch hardware, kernel memory, or another process's memory directly; it has to ask the kernel through the system-call interface, which acts as a filter, translator, and gatekeeper between applications, the kernel, and system input/output. That separation is what normally keeps a misbehaving or malicious program away from critical PC components.
It’s the kernel’s full access to all system resources that makes it such an attractive target for malware. Get your own code running in kernel mode, and you’ve gained access to, and potentially control of, the entire system, including the security checks that user-mode programs are subject to. That’s why kernel vulnerabilities are so prized by attackers and why so many of them get reported: a bug there lets someone who already has a foothold in a limited user account escalate to complete control of the machine.
As noted in a Wikipedia discussion, both user and kernel modes are constructed of interconnected modules of code. For example, the kernel-mode layer includes the hardware abstraction layer, the kernel code, kernel-mode device drivers, and the executive services, the last of which is further divided into numerous other components. User mode includes system support processes, service processes, user applications, environment subsystems, and subsystem DLLs.
The kernel-mode components of Windows
At the top of the kernel mode is the Windows Executive layer (see Figure 1). There’s no executive washroom here, but you will find top-level management for memory, processes and threads, security, input/output, networking, graphics, and more.
Below the Executive layer is the kernel code — think of it as middle management. As detailed in Mark Russinovich and David Solomon’s series of books on Windows, Windows Internals (more info), these low-level functions include “thread scheduling, interrupt and exception dispatching, and multiprocessor synchronization.” The kernel-mode drivers have routines that other OS components use “to implement higher-level constructs.” To a mere mortal like me, that means the Windows kernel is a building block upon which the rest of the operating system stands. If it’s not happy, the rest of your computing experience will be less than stellar.
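To make the layering above concrete on your own PC, here is an added PowerShell example, not code from the original article, that inventories the kernel-mode code actually loaded: the kernel image itself and every kernel-mode driver registered with the Service Control Manager, along with whether each driver's file carries a valid digital signature. It assumes Windows PowerShell 5.1 or PowerShell 7 on Windows, an elevated prompt for complete results, and that the kernel image is ntoskrnl.exe under the System32 folder (true on every current Windows release, though the article does not name the file).

```powershell
# Added example (not from the original article): list the kernel-mode code
# loaded on this machine. Assumes Windows PowerShell 5.1 or PowerShell 7 on
# Windows; run from an elevated prompt so every driver file is readable.

# 1. The kernel image and its version. This file (ntoskrnl.exe) is the
#    "kernel code" layer; it is what a kernel patch from Windows Update replaces.
$kernel = Get-Item -LiteralPath "$env:SystemRoot\System32\ntoskrnl.exe"
"Kernel image: {0}  version {1}" -f $kernel.FullName, $kernel.VersionInfo.ProductVersion

# 2. Every kernel-mode driver the Service Control Manager knows about.
#    Win32_SystemDriver covers services of type KernelDriver and FileSystemDriver.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver

$report = foreach ($d in $drivers) {
    # PathName may be a plain path, a relative "System32\drivers\x.sys", or carry
    # a \??\ or \SystemRoot\ prefix; normalise it so the file can be opened.
    $path = $d.PathName
    if ($path) {
        $path = $path -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if (-not [System.IO.Path]::IsPathRooted($path)) {
            $path = Join-Path $env:SystemRoot $path
        }
    }

    # Signature status of the driver image. A non-Valid result is a lead to
    # investigate, not proof of tampering: some inbox drivers are catalog-signed
    # and older PowerShell versions do not check catalogs.
    $sig = if ($path -and (Test-Path -LiteralPath $path)) {
        (Get-AuthenticodeSignature -FilePath $path).Status
    } else {
        'FileNotFound'
    }

    [pscustomobject]@{
        Name      = $d.Name
        State     = $d.State       # Running / Stopped
        StartMode = $d.StartMode   # Boot / System / Auto / Manual / Disabled
        Signature = $sig           # Valid / NotSigned / HashMismatch / FileNotFound ...
        Path      = $path
    }
}

# 3. What a reviewer actually wants to see: drivers running in kernel mode
#    right now whose image is unsigned, altered, or missing from disk.
$running = @($report | Where-Object { $_.State -eq 'Running' })
$suspect = @($running | Where-Object { $_.Signature -ne 'Valid' })

"{0} kernel-mode drivers registered, {1} running, {2} running without a valid signature" -f $report.Count, $running.Count, $suspect.Count
$suspect | Sort-Object Name | Format-Table Name, StartMode, Signature, Path -AutoSize
```

Every entry in that table is code that runs with the same unrestricted access as the kernel itself, which is the point of the sections above: a driver is the normal, legitimate way for third-party code to get into kernel mode, so a driver you don't recognise, or one whose file no longer matches its signature, deserves the same attention as a kernel vulnerability.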