Windows 10: Windows 11 2022 Update: security improvements

Microsoft released the first feature update for Windows 11 this week. The new version of Windows 11 introduces a number of usability improvements and some new features, with more promised to be dropped in October 2022.

Microsoft did provide a summary of some of the security features and improvements that went into the Windows 11 2022 Update, but failed to reveal details on those features.

In a hurry? Here are the main security-related changes

• Smart App Control, a new security feature that blocks untrusted and potentially dangerous applications, enabled on new devices or reset devices.
• Hypervisor-protected code integrity (HVCI) enabled on all Windows 11 devices.
• Microsoft vulnerable driver block list enabled on new devices by default and opt-in available for old devices.
• Enhanced phishing protection in Microsoft Defender Smartscreen

Smart App Control




Smart App Control is a new security feature that is designed to improve protection against untrusted applications.

Microsoft describes the feature in the following way:

Smart App Control is a new feature for individuals or small businesses designed to help prevent scripting attacks and protect users from running untrusted or unsigned applications often associated with malware or attack tools
​

Broken down to its core, Smart App Control blocks the execution of certain file types downloaded from the Internet and untrusted applications. It is a cloud-powered security service according to Microsoft. When Smart App Control determines that the app is safe,

Here is an overview of the different scan results of the security feature:

• App is determined safe -- allowed to run on the Windows 11 PC.
• App is determined to be malicious or potentially unwanted -- blocked from running on the PC.
• Smart App Control can't predict either way:
  • if the app has a valid signature -- allowed to run on the Windows device.
  • if the app has no valid signature -- blocked from running on the PC.

When enabled Smart App Control runs in evaluation mode at first. Windows 11 uses the mode to determine whether Smart App Control should be enabled in full mode on the system. The execution of apps and files is not blocked in evaluation mode.



There is currently no option to allow the execution of an app that Smart App Control blocked on the system.

Smart App Control may be turned off by system administrators, but the turning off is permanent. There is no option to enable the security feature again after it has been turned off on the running system. The only available options, according to Microsoft, are to reset the PC or to clean install Windows 11.

Additionally, Smart App Control is only available on new Windows 11 2022 Update installations. Upgraded devices won't get the feature. A likely reason for that is that the feature may interfere with applications and files that are already on the Windows PC.

Enhanced phishing protection




Enhanced phishing protection is a new security feature that is integrated into the Windows 11 2022 Update. Windows 11 detects automatically when users enter the Windows account password into applications or websites, and checks whether the app or website has a secure trusted connection.

If that is not the case, Windows 11 informs users about the potential danger- Enhanced phishing protection works with Microsoft Account, Active Directory, Azure Active Directory and local passwords, any Chromium-based browser and applications.



Whenever enhanced phishing protection detects unsafe usage of the Windows passwords, two things happen:

1. The user is informed about the issue and gets the suggestion to change the account password immediately.
2. The incident is reported to IT through the MDE portaIT through the MDE portal.

Enhanced Phishing Protection warns users about reuse of the Windows 11 account password next to that using a popup. Last but not least, Windows Security will warn users if they try to store the account password in a local app, such as Notepad.

The feature is part of SmartScreen.

Windows 11 administrators may configure it on the following way:

1. Open Start > Settings, or use Windows-I to open the Settings app using the keyboard shortcut.
2. Go to Privacy & Security > Windows Security.
3. Activate the "Open Windows Security" button on the page.
4. Open App & Browser Control.
5. Select the "Reputation-based protection settings" link on the page that opens.
6. The following options are listed under Phishing Protection:
   • Turn phishing protection on or off.
   • "Warn me about malicious apps and sites" (on by default).
   • "Warn me about password reuse" (off by default).
   • "Warn me about unsafe password storage" (off by default).

Additional information about the feature, including Enterprise policy options, is available on Microsoft's Tech Community website.

Vulnerable driver protection


Microsoft added two new protections that protect Windows 11 devices against driver attacks. Drivers, just like other software, may introduce security issues, which threat actors may exploit.

The Windows 11 2022 Update uses a new vulnerable driver block list to block certain drivers from being loaded by the operating system. Often, updated drivers are available, which administrators may install to add support for a device to the operating system.

The block list feature takes advantage of Windows Defender Application Control to block vulnerable driver versions from running on the Windows device.

The second protective feature is called Hypervisor-protected code integrity (HVCI), which uses virtualization-based security (VBS). It is available on devices with Intel 8th generation or newer chipsets.

At its core, it ensures that only validated code may be executed in kernel mode. It achieves this by running kernel mode code integrity "inside the secure VBS environment instead of the main Windows kernel".

It protects against attacks that rely "on the ability to inject malicious code into the kernel" of the Windows operating system.

Credential Guard

Credential Guard is enabled on Windows 11 Enterprise systems. Microsoft notes that the feature increase protections from vulnerabilities "greatly" and that it prevents "the use of malicious exploits that attempt to defeat protections".

Closing Words

Not all security features are available for all Windows 11 2022 Update users. Some require a fresh install or reset, others Enterprise versions of Windows 11 or special hardware.

All Windows 11 devices benefit from the vulnerable driver block list and phishing protection by default. The latter can be turned off in Windows Security.

Now You: what is your take on these security features?

Thank you for being a Ghacks reader. The post Windows 11 2022 Update: security improvements appeared first on gHacks Technology News.

read more...

 

Cumulative updates for Windows 10 and Windows 11 - April 2022

The following release notes coincide with the Cumulative updates for all the supported versions of Windows, for the month of April 2022.

Windows 11

Windows 11 (original release): KB5012592 Build 22000.613

April 12, 2022—KB5012592 (OS Build 22000.613) (microsoft.com)

This security update includes improvements that were a part of update KB5011563 (released March 22, 2022) and also addresses the following issues:

• This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.
  

Windows 11 servicing stack update - 22000.581

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.

Windows 10

Windows 10, version 20H2; Windows 10, version 21H1; and Windows 10, version 21H2 – KB5009543 Build 19042.1466; 19043.1466; and 19044.1066

April 12, 2022—KB5012599 (OS Builds 19042.1645, 19043.1645, and 19044.1645) (microsoft.com)

This security update includes improvements that were a part of update KB5011543 (released March 22, 2022) and also addresses the following issues:

• Addresses an issue that causes a Denial of Service vulnerability on Cluster Shared Volumes (CSV). For more information, see CVE-2020-26784.
  

Windows 10 servicing stack update - 19042.1613, 19043.1613, and 19044.1613

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.

3/15/22
IMPORTANT Windows 10, version 20H2 will reach end of service on May 10, 2022 for devices running the Home, Pro, Pro Education, and Pro for Workstations editions. After May 10, 2022, these devices will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10 or Windows 11.

We will continue to service the following editions: Enterprise, IoT Enterprise, Windows on Surface Hub, and Windows Server, version 20H2.

Download the updates manually from the Microsoft Update Catalog.

 

Microsoft June 2022 Security Updates

June 2022 Security Updates
Updates this Month


This release consists of security updates for the following products, features and roles.

• .NET and Visual Studio
  
• Azure OMI
  
• Azure Real Time Operating System
  
• Azure Service Fabric Container
  
• Intel
  
• Microsoft Edge (Chromium-based)
  
• Microsoft Office
  
• Microsoft Office Excel
  
• Microsoft Office SharePoint
  
• Microsoft Windows ALPC
  
• Microsoft Windows Codecs Library
  
• Remote Volume Shadow Copy Service (RVSS)
  
• Role: Windows Hyper-V
  
• SQL Server
  
• Windows Ancillary Function Driver for WinSock
  
• Windows App Store
  
• Windows Autopilot
  
• Windows Container Isolation FS Filter Driver
  
• Windows Container Manager Service
  
• Windows Defender
  
• Windows Encrypting File System (EFS)
  
• Windows File History Service
  
• Windows Installer
  
• Windows iSCSI
  
• Windows Kerberos
  
• Windows Kernel
  
• Windows LDAP - Lightweight Directory Access Protocol
  
• Windows Local Security Authority Subsystem Service
  
• Windows Media
  
• Windows Network Address Translation (NAT)
  
• Windows Network File System
  
• Windows PowerShell
  
• Windows SMB

Please note the following information regarding the security updates:


Security Update Guide Blog Posts

Date Blog Post

January 11, 2022 Coming Soon: New Security Update Guide Notification System

February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API

January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners

December 8, 2020 Security Update Guide: Let’s keep the conversation going

November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Information

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
  
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
  
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

FAQs, Mitigations, and Workarounds

The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2022-2007
  
• CVE-2022-2008
  
• CVE-2022-2010
  
• CVE-2022-2011
  
• CVE-2022-21123
  
• CVE-2022-21125
  
• CVE-2022-21127
  
• CVE-2022-21166
  
• CVE-2022-22018
  
• CVE-2022-22021
  
• CVE-2022-29111
  
• CVE-2022-29119
  
• CVE-2022-29143
  
• CVE-2022-29149
  
• CVE-2022-30136
  
• CVE-2022-30137
  
• CVE-2022-30139
  
• CVE-2022-30140
  
• CVE-2022-30141
  
• CVE-2022-30142
  
• CVE-2022-30143
  
• CVE-2022-30145
  
• CVE-2022-30146
  
• CVE-2022-30148
  
• CVE-2022-30149
  
• CVE-2022-30150
  
• CVE-2022-30151
  
• CVE-2022-30153
  
• CVE-2022-30154
  
• CVE-2022-30155
  
• CVE-2022-30157
  
• CVE-2022-30158
  
• CVE-2022-30159
  
• CVE-2022-30161
  
• CVE-2022-30162
  
• CVE-2022-30163
  
• CVE-2022-30164
  
• CVE-2022-30165
  
• CVE-2022-30167
  
• CVE-2022-30168
  
• CVE-2022-30171
  
• CVE-2022-30172
  
• CVE-2022-30173
  
• CVE-2022-30174
  
• CVE-2022-30177
  
• CVE-2022-30178
  
• CVE-2022-30179
  
• CVE-2022-30180
  
• CVE-2022-30184
  
• CVE-2022-30188
  
• CVE-2022-30189
  
• CVE-2022-30193
  
• CVE-2022-32230

Known Issues

You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.


For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).


KB Article Applies To

5002219 SharePoint Foundation 2013

5014692 Windows Server 2019

5014697 Windows 11

5014699 Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2

5014738 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)

5014741 Windows Server 2012 (Security-only update)

5014742 Windows 7, Windows Server 2008 R2 (Security-only update)

5014743 Windows Server 2008 (Security-only update)

5014746 Windows 8.1, Windows Server 2012 R2 (Security-only update)

5014747 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)

5014748 Windows 7, Windows Server 2008 R2 (Monthly Rollup)

5014752 Windows Server 2008 (Monthly Rollup)

Released: Jun 14, 2022

June 2022 Security Updates - Release Notes - Security Update Guide - Microsoft

 

KB5012170: Security update for Secure Boot DBX: August 9, 2022

Read more: https://support.microsoft.com/en-us/...8-c42bd211bb15