Microsoft released the first feature update for Windows 11 this week. The new version of Windows 11 introduces a number of usability improvements and some new features, with more to be dropped in October 2022.
Microsoft provided a summary of some of the security features and improvements in the Windows 11 2022 Update, but failed to reveal the details of those features.
In a hurry? Here are the main security-related changes:
- Smart App Control, a new security feature that blocks untrusted and potentially dangerous apps, is enabled on new or reset devices.
- Hypervisor-Protected Code Integrity (HVCI) is enabled on all Windows 11 devices.
- The Microsoft Vulnerable Driver Block List is enabled on new devices by default, and opt-in is available for older devices.
- Improved phishing protection in Microsoft Defender SmartScreen.
Smart App Control
Smart App Control is a new security feature designed to improve protection against untrusted apps.
Microsoft describes the feature in the following way:
Smart App Control is a new feature for individuals or small businesses designed to help prevent scripting attacks and protect users from running untrusted or unsigned apps often associated with malware or attack tools.
Broken down to its core, Smart App Control blocks the execution of untrusted applications and of certain types of files downloaded from the Internet. According to Microsoft, it is a security service that runs in the cloud. When Smart App Control determines that the app is secure,
Here is an overview of the various scan results for the security feature:
- The app has been marked as safe – it is allowed to run on a Windows 11 PC.
- The application has been identified as malicious or unwanted – it has been blocked from running on the PC.
- Smart App Control cannot make a confident prediction either way:
  - If the application has a valid signature – it is allowed to run on the Windows machine.
  - If the application does not have a valid signature – it is blocked from running on the computer.
When enabled, Smart App Control initially runs in evaluation mode. Windows 11 uses this mode to determine whether Smart App Control should be enabled in full mode on the system. Execution of applications and files is not blocked in evaluation mode.
There is currently no option to allow the execution of an app that Smart App Control has blocked on the system.
System administrators may turn off Smart App Control, but turning it off is permanent. There is no option to enable the security feature again after turning it off on the running system. The only available options, according to Microsoft, are to reset the PC or clean install Windows 11.
Additionally, Smart App Control is only available on new Windows 11 2022 Update installations. Upgraded devices will not get the feature. A possible reason for this is that the feature may interfere with applications and files that are already on the Windows PC.
Improved phishing protection
Improved phishing protection is a new security feature built into the Windows 11 2022 Update. Windows 11 automatically detects when users enter a Windows account password in apps or websites, and checks if an app or website has a secure and reliable connection.
If not, Windows 11 notifies users of the potential danger. Enhanced Phishing Protection works with Microsoft account, Active Directory, Azure Active Directory, and local passwords, and with any Chromium-based browser and apps.
When Enhanced Phishing Protection detects insecure use of Windows passwords, two things happen:
- The user is informed of the problem and gets a suggestion to change the account password immediately.
- The incident is reported to the IT department through the MDE portal.
In addition, Enhanced Phishing Protection warns users with a popup against reusing their Windows 11 account password. Last but not least, Windows Security warns users if they try to store the account password in a local application, such as Notepad.
This feature is part of SmartScreen.
Windows 11 administrators can configure it in the following way:
- Open Start > Settings, or use Windows-I to open the Settings app with a keyboard shortcut.
- Go to Privacy and Security > Windows Security.
- Activate the “Open Windows Security” button on the page.
- Open App & browser control.
- Select the “Reputation-based protection settings” link on the page that opens.
- The following options are listed under Phishing Protection:
  - Turn phishing protection on or off.
  - Warn me about malicious apps and sites (default).
  - Warn me about password reuse (off by default).
  - Warn me about insecure password storage (off by default).
Additional information about the feature, including enterprise policy options, is available on Microsoft's Tech Community site.
Vulnerable driver protection
Microsoft has added two new protections to protect Windows 11 devices from driver attacks. Drivers, like other software, can contain security issues that threat actors can exploit.
The Windows 11 2022 Update uses a new block list of vulnerable drivers to prevent certain drivers from being loaded by the operating system. Often, updated drivers are available, which administrators may install to add support for a device to the operating system.
The block list feature takes advantage of Windows Defender Application Control to prevent vulnerable driver versions from running on your Windows device.
The second protection feature is called Hypervisor-Protected Code Integrity (HVCI), which uses virtualization-based security (VBS). It is available on devices with 8th-generation Intel chipsets or later.
In essence, it ensures that only validated code can be executed in kernel mode. It achieves this by running kernel mode code integrity “within the secure VBS environment instead of the main Windows kernel”.
It protects against attacks that rely on the “ability to insert malicious code into the kernel” of the Windows operating system.
Credential Guard is enabled on Windows 11 Enterprise systems. Microsoft states that the feature increases protections “significantly” from vulnerabilities and that it prevents “the use of malicious exploits that attempt to defeat the protection.”
Not all security features are available to all users of Windows 11 2022 Update. Some require a fresh install or reset, and others require Enterprise editions of Windows 11 or special hardware.
All Windows 11 devices benefit from a vulnerable driver block list and anti-phishing protection by default. The latter can be turned off in Windows Security.
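To see which of these protections are actually active on a given device, the following added PowerShell example (not from the original article or from Microsoft) reads the Smart App Control and driver block list state from the registry, and the HVCI and Credential Guard state from the Win32_DeviceGuard WMI class. The function names are hypothetical; the registry values and the WMI class are Windows' own and are not mentioned in the article.

```powershell
# Added example: read-only status check for the protections described above.
# Function names are hypothetical; nothing on the system is modified.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value does not exist on this build.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Get-Win11SecurityPosture {
    $ci = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI'

    # Smart App Control state: 0 = off, 1 = on (enforcing), 2 = evaluation mode.
    $sacNames = @{ 0 = 'Off'; 1 = 'On'; 2 = 'Evaluation' }
    $sacRaw   = Get-RegValue "$ci\Policy" 'VerifiedAndReputablePolicyState'
    $sac = if ($null -ne $sacRaw -and $sacNames.ContainsKey([int]$sacRaw)) {
        $sacNames[[int]$sacRaw]
    } else { 'Not present' }

    # Vulnerable driver block list: 1 = enabled, 0 = disabled.
    $blRaw = Get-RegValue "$ci\Config" 'VulnerableDriverBlocklistEnable'
    $blocklist = if ($null -eq $blRaw) { 'Not set' } elseif ([int]$blRaw -eq 1) { 'Enabled' } else { 'Disabled' }

    # The Device Guard WMI class reports VBS and the services running inside it.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
            -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $running = @($dg.SecurityServicesRunning)   # 1 = Credential Guard, 2 = HVCI

    [pscustomobject]@{
        SmartAppControl        = $sac
        DriverBlockList        = $blocklist
        VbsRunning             = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        HvciRunning            = ($running -contains 2)
        CredentialGuardRunning = ($running -contains 1)
    }
}

Get-Win11SecurityPosture | Format-List
```

A result of 'Not present' or 'Not set' means the value is absent from the registry, which is expected on builds older than the 2022 Update.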
Now you: What do you think of these security features?