MS blocks security app access to Windows 11 kernel – Byline Network

Microsoft has once again pledged to further strengthen the security of Windows 11. Taking lessons from the CrowdStrike incident last July, it decided to limit the use of Windows administrator rights by security solutions and to tighten control over the installation of drivers and apps.

Microsoft recently announced new security features for Windows 11 at its annual conference, Microsoft Ignite 2024, held in Chicago, USA.

Microsoft announced that it is introducing the ‘Windows Resiliency Initiative’. The Windows Resiliency Initiative strengthens reliability, allows more apps and users to run without administrator privileges, provides greater control over app and driver execution, and improves identity protection to prevent phishing attacks.

First, Microsoft is introducing ‘Quick Machine Recovery’, which allows IT administrators to remotely access and restore users’ Windows 11 PCs. Administrators can reach a user’s PC remotely even when they have no physical access to it, or when it cannot boot. This feature will be available on the Windows Insider channel early next year.

Microsoft also decided to strengthen cooperation with endpoint security partners as part of the ‘Microsoft Virus Initiative (MVI)’. It emphasized the principle that all security product updates should be incremental, use deployment rings, and be monitored to minimize the negative impact of updates.

The goal is to prevent third-party apps from distributing updates into kernel mode using Windows administrator privileges, as in the CrowdStrike incident last July. “We are developing new Windows features that will allow security leaders to build products outside of kernel mode,” Microsoft said. “Security products, such as antivirus solutions, run in user mode like regular apps.”

“This change makes recovery easier for security developers and reduces the impact on Windows in the event of a crash or mistake.” This change will be available as a private preview to the security product ecosystem next July.

Microsoft also emphasized that it is adopting secure programming languages under the ‘Secure Future Initiative (SFI)’ and is gradually moving functions from C++ to Rust.

Microsoft announced that it would address excessive use of administrator rights by users and apps. When users and apps run with more administrator privileges than they need, problems such as unverified apps and drivers and insecure credentials and authentication follow. According to the 2024 Microsoft Digital Defense Report, an estimated 39,000 token theft incidents that abuse user privileges occur per day.

Administrator rights are a long-standing challenge for operating systems (OS), including Windows. Running a device with administrator privileges makes it easy to perform tasks such as adjusting the time zone, changing the registry, and installing applications. On the other hand, if an administrator account is infected with malware, the malware gains direct access to important resources, leading to system disruption, data leakage, and unauthorized system changes.

Standard user permissions are the mode recommended by the OS manufacturer. They block user access to protected resources by default and prevent malicious code or apps from changing the device configuration on their own. However, changing major settings or installing apps becomes inconvenient.

User prompt to grant administrator task privileges

Windows 11 provides an ‘Administrator protection’ feature. This feature, currently in preview, gives users standard user permissions by default while still simplifying system changes, such as installing apps, when needed. With administrator protection enabled, a request for administrator privileges creates a temporary, isolated administrator token after ‘Windows Hello’ authentication. The temporary token is destroyed as soon as the operation completes. Without explicit Windows Hello authorization, neither the user nor an app can directly access the kernel or key system security settings.

Additionally, Windows 11’s multi-factor authentication (MFA) is being strengthened. Windows Hello will support passkeys. Windows Hello is also used for Recall and for personal data encryption protection.

Protection measures against installation of untrusted apps and drivers are also provided.

Smart App Control and App Control for Business policies ensure that only verified apps run on the device. In particular, AI is used to select trustworthy apps and drivers. Administrators simply select the ‘Signed and Trusted Policy’ template in the App Control Wizard, which lets millions of verified apps run regardless of where they are deployed.

For print drivers, Microsoft advised using ‘Windows Protected Print’. Windows Protected Print works with Mopria-certified devices and does not require a separate third-party driver.

Windows 11 Enterprise provides a ‘Personal Data Encryption for Known Folders’ feature that uses Windows Hello authentication to protect files stored in folders such as Desktop, Documents, and Pictures. Protected files are marked with a lock icon. Until the device administrator authenticates with Windows Hello, the file remains encrypted and its contents cannot be viewed. Personal data encryption can be applied to all or a subset of these folders using management tools such as Microsoft Intune, and it can be used independently of BitLocker.

Windows ‘Hot Patch’ is also being introduced in Windows 11 Enterprise 24H2 and Windows 365. This feature, currently in preview, allows major security updates to be applied without restarting the system.

Zero Trust DNS is also being introduced. This feature allows Windows devices to connect only to protected DNS servers, and it blocks outbound IPv4 or IPv6 traffic that the administrator has not permitted.

‘Config Refresh’ automatically returns system settings to the preferred configuration when a user or app changes the system registry. It operates locally, without needing to connect to the MDM service.

“The newly announced Windows Resiliency Initiative is a very important step,” said Microsoft CEO Satya Nadella. “We are committed to making Windows more secure and reliable to support all mission-critical workloads.”

“As part of this work, we are changing our low-level OS approach and working across the ecosystem to introduce new features and establish new guidelines for secure deployment practices,” he said. “We are continuously strengthening security and resilience,” he emphasized.

Written by Byline Network (yong2@byline.network)


While “Hot Patch” technology promises to streamline security updates, what potential risks or challenges might arise from implementing such a significant change to the system update process?

## Windows 11: A Deep Dive into Enhanced Security

**Introduction**: Welcome to World Today News’ exclusive interview on the groundbreaking security enhancements announced by Microsoft for Windows 11. Joining us today are two esteemed experts: [Guest 1 Name and Title], renowned cybersecurity analyst, and [Guest 2 Name and Title], a leading developer specializing in operating system security.

**Section 1: Lessons Learned and the Resiliency Initiative**

* **Host**: The CrowdStrike incident last July seems to have prompted a significant reassessment of security strategies for Windows 11. Could you elaborate on the specific lessons learned from this event and how they have shaped the ‘Windows Resiliency Initiative’?

* **Host**: Microsoft is making shifts in how security solutions interact with the Windows kernel. [Guest 1], what are your thoughts on the pros and cons of this move, and how might it impact both software developers and end-users?

**Section 2: The Role of Administrator Rights**

* **Host**: The article highlights the inherent challenges posed by excessive use of administrator rights. [Guest 2], what are some alternative approaches to granting required privileges without compromising overall system security?

* **Host**: Windows 11’s ‘Administrator protection’ feature is an interesting proposition. Could both our guests shed light on the potential benefits and drawbacks of this approach, especially regarding the user experience?

**Section 3: Tackling Software Trust and Driver Security**

* **Host**: Building trust regarding software installations is crucial in today’s threat landscape. How effective do you think Smart App Control and App Control for Business policies will be in mitigating the risks posed by untrusted apps and drivers?

* **Host**: ‘Windows Protected Print’ is another key feature aimed at secure printing. What are its advantages over traditional methods, and how important is compatibility with Mopria-certified devices in this context?

**Section 4: Data Protection and System Updates**

* **Host**: ‘Personal Data Encryption for Known Folders’ introduces an intriguing layer of data protection. Could you both discuss the implications of using it independently of BitLocker, especially regarding performance and usability?

* **Host**: The introduction of ‘Hot Patch’ for seamless application of security updates is certainly welcome news. [Guest 1], what are your thoughts on the long-term potential of this technology in terms of reducing downtime and enhancing protection against zero-day exploits?

**Section 5: Looking Ahead: The Future of Windows Security**

* **Host**: What are your final thoughts on the ‘Windows Resiliency Initiative’ and its potential to shape the future of Windows security?

* **Host**: Thank you both for these insightful perspectives. We at World Today News believe these developments underscore Microsoft’s commitment to building a more secure and robust Windows 11 ecosystem.
