Along with new productivity-focused features, enhancements, and visual changes, Windows 11 2022 Update (Version 22H2) also comes with several enhancements to improve security against ransomware, phishing threats, and sophisticated hacking attacks.
For example, in this release, Microsoft is tightening security by adding a new Smart App Control (SAC) feature to block dangerous apps. The update enables, by default, features previously disabled, such as Hypervisor Protected Code Integrity (HVCI) and Vulnerable Driver Blocklist.
Additionally, as part of SmartScreen technology, version 22H2 enables enhanced phishing protection to notify users when they enter a password into a compromised application or web service and much more.
This guide highlights the best security features Microsoft provides with the Windows 11 2022 Update.
Smart App Control
On Windows 11 2022 Update, Smart App Control (SAC) is a new security feature in the Windows Security app that helps prevent scripting attacks and protects you from running untrusted or unsigned apps, which may be associated with malware or attack tools. To do this, the feature uses an AI model that proactively receives updates to predict and decide whether an app is safe to use.
The feature is available for all editions of Windows 11 with a clean install of version 22H2, but network administrators can also use Microsoft Intune to configure it.
First, you need to enable Smart App Control in trial mode. In this mode, the feature will learn and determine whether it can help protect the computer without being intrusive. If so, SAC will activate automatically. Otherwise, it will turn off automatically.
Vulnerable driver protection
Starting with Windows 11 version 22H2, the system uses virtualization-based security (VBS) to enhance kernel protection to help prevent driver vulnerability exploits on the latest silicon from AMD, Intel, and Qualcomm.
As part of these changes, the memory integrity feature (Hypervisor Protected Code Integrity (HVCI)) will now be enabled by default on new devices.
According to the company, the memory integrity feature uses VBS to run kernel-mode code integrity (KMCI) in the secure environment instead of the kernel to minimize attacks that attempt to modify the kernel. In other words, using this approach, only validated code will be executed in kernel mode.
Microsoft also implements a list of vulnerable drivers to block specific drivers from loading to prevent persistent threats and ransomware attacks from exploiting known vulnerable drivers to access the Windows kernel.
The blocking policy is now enabled by default, but users must apply it manually through Windows Defender Application Control.
Improved Phishing Protection
The 2022 update also brings “enhanced phishing protection” as part of SmartScreen technology, which can determine in real time whether the web service or application is secure and a trusted entity. If it is not, Windows 11 will detect that the user is trying to enter a password and notify them of the risk. According to the company, this will allow network administrators to identify when a password has been compromised and take action.
The new protection works with Microsoft account, Active Directory, Azure Active Directory, local passwords, and on any Chromium-based browser (such as Microsoft Edge and Google Chrome) or any app that might connect to a phishing site.
When a new phishing attack is detected, the end user receives a notification in a dialog box that suggests changing the password. In addition, the problem will then be submitted to the technical department via the MDE portal.
Additionally, the anti-phishing feature will warn users if their passwords are reused and if they try to store passwords on the computer using a note-taking application like Notepad.
Personal Data Encryption (PDE)
Windows 11 version 22H2 also comes with Personal Data Encryption (PDE), a new security feature in the Enterprise edition of the operating system that provides more means of data encryption.
While BitLocker uses encryption for the entire drive, PDE offers encryption for individual files using Windows Hello for Business to bind encryption keys to user credentials for fast decryption.
In the event that the device is misplaced, the attacker will have to bypass BitLocker’s already strong protection, only to find that individual files are also encrypted using PDE, creating a second layer of protection.
Other security improvements
For businesses and organizations, Microsoft is also enabling several features by default and relaxing requirements for others to improve Windows 11 security.
In this release, for example, Windows Defender Credential Guard is now enabled by default to mitigate credential theft techniques, such as pass-the-hash or pass-the-ticket.
Microsoft is also enabling credential isolation with Local Security Authority (LSA) protection by default on version 22H2 to add an extra layer of protection for domain-joined devices, as this is an important process to verify a user’s identity.
Additionally, the company makes it easier to deploy Windows Hello for Business by removing the need for a public key infrastructure (PKI) to set up the feature.
Finally, there is a new feature known as “configuration lock” for “secure-core PCs”. The feature was designed to prevent misconfigurations when users with administrator privileges make system changes that put the computer out of sync with corporate security policies. While using this feature, if the system detects any unwanted changes, it will immediately revert to the original settings previously configured by the organization.
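To confirm which of the defaults described in this guide are actually active on a given machine, the following PowerShell audit can be run from an elevated session. It is an added example, not Microsoft's or the original article's code; the `Get-RegValue` helper is the example's own, and the WMI class and registry value names are Windows identifiers that do not appear in the article. The registry checks show configured state, which can differ from runtime state until the next reboot.

```powershell
# Added example: report the state of the 22H2 protections covered in this guide.
# Run in an elevated PowerShell session on Windows 11.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (feature not configured).
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# The Device Guard WMI class reports VBS and the services that run on top of it.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName 'Win32_DeviceGuard' -ErrorAction SilentlyContinue
$vbsText = @{ 0 = 'Off'; 1 = 'Enabled, not running'; 2 = 'Running' }
$running = @($dg.SecurityServicesRunning)   # 1 = Credential Guard, 2 = HVCI

# Smart App Control policy state: 0 = Off, 1 = On, 2 = Evaluation.
$sacText = @{ 0 = 'Off'; 1 = 'On'; 2 = 'Evaluation' }
$sac = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy' `
                    'VerifiedAndReputablePolicyState'

# LSA protection: 1 = enabled with UEFI lock, 2 = enabled without UEFI lock.
$lsa = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'RunAsPPL'

# Vulnerable driver blocklist: 1 = enabled.
$blk = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' `
                    'VulnerableDriverBlocklistEnable'

[pscustomobject]@{
    VBS                     = if ($dg) { $vbsText[[int]$dg.VirtualizationBasedSecurityStatus] }
                              else     { 'Unknown (Win32_DeviceGuard unavailable)' }
    MemoryIntegrityHVCI     = $running -contains 2
    CredentialGuard         = $running -contains 1
    SmartAppControl         = if ($null -eq $sac) { 'Not configured' }
                              else                { $sacText[[int]$sac] }
    LsaProtectionConfigured = $lsa -in 1, 2
    DriverBlocklistEnabled  = $blk -eq 1
} | Format-List
```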