Windows 11 2022 Update: security improvements
Microsoft released the first feature update for Windows 11 this week. The new version of Windows 11 introduces a number of usability improvements and some new features, with more promised to be dropped in October 2022.
Microsoft did provide a summary of some of the security features and improvements that went into the Windows 11 2022 Update, but failed to reveal details on those features.
In a hurry? Here are the main security-related changes:
- Smart App Control, a new security feature that blocks untrusted and potentially dangerous applications, enabled on new devices or reset devices.
- Hypervisor-protected code integrity (HVCI) enabled on all Windows 11 devices.
- Microsoft vulnerable driver block list enabled on new devices by default and opt-in available for old devices.
- Enhanced phishing protection in Microsoft Defender SmartScreen.
Smart App Control
Smart App Control is a new security feature that is designed to improve protection against untrusted applications.
Microsoft describes the feature in the following way:
Smart App Control is a new feature for individuals or small businesses designed to help prevent scripting attacks and protect users from running untrusted or unsigned applications often associated with malware or attack tools.
At its core, Smart App Control blocks the execution of untrusted applications and of certain file types downloaded from the Internet. According to Microsoft, it is a cloud-powered security service. When Smart App Control determines that the app is safe,
Here is an overview of the different scan results of the security feature:
- App is determined safe -- allowed to run on the Windows 11 PC.
- App is determined to be malicious or potentially unwanted -- blocked from running on the PC.
- Smart App Control can't predict either way:
  - if the app has a valid signature -- allowed to run on the Windows device.
  - if the app has no valid signature -- blocked from running on the PC.
When enabled, Smart App Control runs in evaluation mode at first. Windows 11 uses this mode to determine whether Smart App Control should be switched to full enforcement on the system. The execution of apps and files is not blocked in evaluation mode.
There is currently no option to allow the execution of an app that Smart App Control blocked on the system.
Smart App Control may be turned off by system administrators, but the turning off is permanent. There is no option to enable the security feature again after it has been turned off on the running system. The only available options, according to Microsoft, are to reset the PC or to clean install Windows 11.
Additionally, Smart App Control is only available on new Windows 11 2022 Update installations. Upgraded devices won't get the feature. A likely reason for that is that the feature may interfere with applications and files that are already on the Windows PC.
Enhanced phishing protection
Enhanced phishing protection is a new security feature that is integrated into the Windows 11 2022 Update. Windows 11 detects automatically when users enter the Windows account password into applications or websites, and checks whether the app or website has a secure trusted connection.
If that is not the case, Windows 11 informs users about the potential danger. Enhanced phishing protection works with Microsoft Account, Active Directory, Azure Active Directory and local passwords, in any Chromium-based browser and in applications.
Whenever enhanced phishing protection detects unsafe usage of the Windows passwords, two things happen:
- The user is informed about the issue and gets the suggestion to change the account password immediately.
- The incident is reported to IT through the MDE portal.
Enhanced phishing protection also warns users, via a popup, when they reuse the Windows 11 account password elsewhere. Last but not least, Windows Security will warn users if they try to store the account password in a local app, such as Notepad.
The feature is part of SmartScreen.
Windows 11 administrators may configure it in the following way:
- Open Start > Settings, or use Windows-I to open the Settings app using the keyboard shortcut.
- Go to Privacy & Security > Windows Security.
- Activate the "Open Windows Security" button on the page.
- Open App & Browser Control.
- Select the "Reputation-based protection settings" link on the page that opens.
- The following options are listed under Phishing Protection:
  - Turn phishing protection on or off.
  - "Warn me about malicious apps and sites" (on by default).
  - "Warn me about password reuse" (off by default).
  - "Warn me about unsafe password storage" (off by default).
Additional information about the feature, including Enterprise policy options, is available on Microsoft's Tech Community website.
Vulnerable driver protection
Microsoft added two new protections for Windows 11 devices against driver attacks. Drivers, just like other software, may introduce security issues that threat actors can exploit.
The Windows 11 2022 Update uses a new vulnerable driver block list to prevent certain drivers from being loaded by the operating system. Updated versions of blocked drivers are often available, and administrators may install them to restore support for the affected device.
The block list feature takes advantage of Windows Defender Application Control to block vulnerable driver versions from running on the Windows device.
The second protective feature is called Hypervisor-protected code integrity (HVCI), which uses virtualization-based security (VBS). It is available on devices with Intel 8th generation or newer chipsets.
At its core, it ensures that only validated code may be executed in kernel mode. It achieves this by running kernel mode code integrity "inside the secure VBS environment instead of the main Windows kernel".
It protects against attacks that rely "on the ability to inject malicious code into the kernel" of the Windows operating system.
Credential Guard is enabled on Windows 11 Enterprise systems. Microsoft notes that the feature increases protection from vulnerabilities "greatly" and that it prevents "the use of malicious exploits that attempt to defeat protections".
Not all security features are available for all Windows 11 2022 Update users. Some require a fresh install or reset, others Enterprise versions of Windows 11 or special hardware.
All Windows 11 devices benefit from the vulnerable driver block list and phishing protection by default. The latter can be turned off in Windows Security.
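Because several of these features are silently off on upgraded devices, hardware that lacks VBS support, or non-Enterprise editions, an administrator will want a quick way to confirm which of them are actually active. The following audit script is an added example written for this article, not Microsoft's own tooling; the registry paths, the Win32_DeviceGuard class and its value codes are taken from Microsoft documentation as I know it, but treat them as assumptions and verify them against current documentation before relying on the output.

```powershell
# Added example (not from the article): report the state of the Windows 11 2022 Update
# security features discussed above. Run in an elevated PowerShell session.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value absent: the feature was never configured here
}

# 1. Smart App Control state (assumed value meaning: 0 = off, 1 = on, 2 = evaluation).
#    The value is only present on fresh 2022 Update installs, not on upgraded devices.
$sacState = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy' 'VerifiedAndReputablePolicyState'
$sacNames = @{ 0 = 'Off (permanent until reset/clean install)'; 1 = 'On'; 2 = 'Evaluation mode' }
$sacText  = if ($null -ne $sacState -and $sacNames.ContainsKey([int]$sacState)) {
    $sacNames[[int]$sacState]
} else { 'Not present (upgraded device?)' }

# 2. Microsoft vulnerable driver block list (assumed: 1 = enforced; absent on older installs
#    until an administrator opts in).
$vdbl = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' 'VulnerableDriverBlocklistEnable'

# 3. VBS, HVCI and Credential Guard from the Device Guard WMI class.
#    SecurityServicesRunning codes: 1 = Credential Guard, 2 = HVCI;
#    VirtualizationBasedSecurityStatus: 2 = running.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$vbsRunning       = $dg.VirtualizationBasedSecurityStatus -eq 2
$hvciRunning      = $dg.SecurityServicesRunning -contains 2
$credGuardRunning = $dg.SecurityServicesRunning -contains 1

# 4. Enhanced phishing protection policy values (assumed WebThreatDefense policy key).
#    When unset, the user-facing toggles in Windows Security apply with the defaults
#    the article lists: malicious apps/sites on, password reuse and unsafe storage off.
$wtds  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components'
$phish = foreach ($n in 'ServiceEnabled', 'NotifyMalicious', 'NotifyPasswordReuse', 'NotifyUnsafeApp') {
    $v = Get-RegValue $wtds $n
    "$n=$(if ($null -eq $v) { 'unset' } else { $v })"
}

[pscustomobject]@{
    SmartAppControl           = $sacText
    VulnerableDriverBlocklist = $(if ($vdbl -eq 1) { 'Enforced' } else { 'Not enforced / not set' })
    VBS                       = $vbsRunning
    HVCI                      = $hvciRunning
    CredentialGuard           = $credGuardRunning
    PhishingProtectionPolicy  = ($phish -join '; ')
} | Format-List
```

A device reporting HVCI as False despite supported hardware usually has VBS disabled in firmware or by policy, and a Smart App Control value of 0 cannot be reverted by script for the reasons the article gives.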
Now You: what is your take on these security features?