Windows 11 22H2: These are the big new security features


computer user

Photo: Getty / MoMo Productions

with Windows 11 22H2 is coming nowBeside New features Microsoft’s OS update also provides security upgrades as well.

With ransomware, sophisticated hacking attacks, and phishing threats showing no sign of abating, Microsoft has rethought security in Windows 11 with the goal of preventing more threats by default.

Windows 10 has a lot of core security features, but Microsoft left it up to the user to enable and configure it based on its own trade-offs with performance and compatibility, David Weston, Microsoft vice president of enterprise security and operating system for ZDNET, told ZDNET.

“We really turned that philosophy around. We found that a very low percentage of people can really understand the trade-offs they are making and were really looking to Microsoft to find out. We took that feedback and integrated it into Windows 11. We are very focused on preventing attacks,” Weston said.

“With Windows 11, we’re focused on the threat landscape and what are the biggest attack vectors — phishing, malware through attachments or downloads, and data protection attacks. We’re focused on resolving these large-scale attacks at the prevention level.”

Windows 11 22H2 – also known as Windows 11 Update 2022 – includes several improvements that protect against attacks on the Windows kernel through vulnerable drivers, with more credential protection, better defenses against malicious server attacks, and easier passwordless authentication.

But according to Weston, the main security feature of Windows 11 22H2 is Smart App Control, which enables app control by default.

Microsoft experimented with the allow list policy in Windows 10 S. on “tens of millions of devices” and they haven’t seen “any malware” on them thanks to it, says Weston. The problem is using a blunt policy tool: app installs were limited to the Microsoft Store.

This time, the app’s control relies on artificial intelligence to determine the allow list. Microsoft tested this with Windows 11 Insiders this year Via smart app control feature.

The Allow menu only allows a group of apps to run in Windows 11. Smart App Control is based on the same features as Windows Windows Defender Application Controlwhich requires that policies be allowed to be manually selected.

“Application control is one of the most effective and also difficult things to do traditionally,” Weston said.

So, when users get an app used by millions of others — regardless of whether it’s from a store or a website — it will “work as usual,” Weston says. But if someone sends an app as an attachment recently created to bypass the antivirus, it won’t run because it’s not in the allow list.

“Most of the applications we use today are used by millions of other people. Most malware is only seen on two machines. We got into the core of the operating system this execution mechanism. Before Windows 11 22H2, this was the policy you should write yourself in a file XML. You can imagine that this is very difficult in an organization to figure out what applications everyone needs,” Weston said.

Windows 11 22H2 also blocks “most vector scripts from the Internet”. He was informed in part of the Office team’s decision to block untrusted macros by default from the Internet.

“Windows 11 22H2 took this idea even further. We said no PowerShell, no LNK files, no Visual Basic from the internet. Anyone watching the threat landscape knows these are some of my favorites. In Windows 11 in Smart App Control mode prevents those threats.”

Microsoft will gradually roll out the security feature to users. There will be a one-click option for users to leave Smart App Control, which requires a restart to exit it. Over time, Microsoft will release more precise policies, for example, to enable a specific app to run while the feature is otherwise enabled.

“For people who can stay in this situation, based on our data from things like Defender, this will be one of the most important security features out there and will block scripting and most malware vectors,” Weston predicted.

Smart App Control is intended for Windows 11 consumers and small businesses. It will default to Windows 11 in organizations, but Microsoft doesn’t expect them to deploy it because many organizations have their own business applications. Microsoft expects them to use Windows Defender Application Control instead, Weston says.

More security improvements to protect credentials

In the first version of Windows 11, Microsoft Virtualization-based security (VBS) only for the latest AMD, Intel and Qualcomm processors. Weston believes that Windows in the future will benefit more from VBS.

Also, for Enterprise editions of Windows 11 22H2, Microsoft turns on Credential Guard by default. In Windows 10, Go Credential Guard NTLM Credentials outside of Windows and in VBS to overcome credential dump tools such as mimics.

Microsoft has now turned on Local Security Authority Subsystem Service (LSASS) protected processes for new Windows 11 devices joining organizations. LSA stores credentials for Microsoft and third parties. With this protection, Windows will only load trusted and signed code, making it more difficult for attackers to steal credentials.

“What we said is, ‘No process, including administrators, can read or write from the LSA. This defeats a lot of common credential theft and lateral movement tools. It’s not as powerful as VBS and eventually we want to port everything over to VBS, but this is an excellent bridging technique that will have a real impact. Jumping into LSA and credential dumping is one of the most common attack vectors. It won’t happen again,” Weston says.

For secure-core PCs and laptops, Microsoft has also introduced a new encryption technology as a second layer for BitLocker called Personal Data Encryption (PDE).

If you lose a laptop and the attacker opens it on the login screen, the data on the disk is still decrypted. If the attacker attaches a special device or bypasses the lock screen to access data or run code, he can steal the data.

While SecuredCore PCs address this threat by locking ports, PDE provides a way to enable encryption of a file outside of BitLocker so that even if an attacker had a way to bypass BitLocker, they would still encounter an encrypted file, effectively creating a second security network bypassing BitLocker.


Leave a Reply

Your email address will not be published. Required fields are marked *