Digital transformation

Microsoft announces new security features for Windows.

Phan Van Hoa November 21, 2024 16:00

To enhance the security of the Windows operating system, Microsoft has announced new security features to strengthen user confidence.

Accordingly, following the severe CrowdStrike outage in the summer of 2024, which affected approximately 8.5 million computers globally, Microsoft quickly responded to restore user confidence.

This incident, related to a faulty software update for CrowdStrike, caused a "blue screen of death" (BSOD), bringing many systems down and severely impacting industries and public services.

Ảnh minh họa
Illustrative image.

In response, Microsoft announced a series of major improvements to the Windows operating system, focusing on enhancing security, improving stability, and enhancing system recovery mechanisms in the event of similar incidents.

Remotely restore a malfunctioning machine.

The incident that occurred last July caused serious problems, preventing IT administrators from remotely troubleshooting when computers were stuck in a continuous boot loop. To address such situations, Microsoft developed Quick Machine Recovery, providing a fast and efficient recovery solution.

This feature is expected to be opened to the Windows Insider community for testing in early 2025, promising to significantly improve system recovery and minimize downtime.

This remote recovery tool is designed to handle Windows Update-related errors on PCs, even when the system won't boot. Notably, it completely eliminates the need for direct access to the device, offering superior convenience and efficiency in remote troubleshooting.

David Weston, Vice President of Enterprise Security and Operating Systems at Microsoft, confidently stated: "This remote recovery feature will provide the ability to quickly resolve major incidents, helping your team get back to work more efficiently than ever before."

Remove unnecessary components, including the built-in antivirus software.

Numerous changes are being implemented to minimize reliance on administrative privileges from applications and users. Microsoft views excessive privilege ownership by applications and users as a persistent challenge, requiring radical solutions to enhance security and system stability.

Windows is currently testing a new Administrator protection solution where standard user privileges are set as the default. When users need to make system changes requiring administrator privileges, such as installing applications, they will be prompted to authorize the changes through the Windows Hello security system. This not only ensures changes are made securely but also enhances protection against unauthorized access or potential threats.

Security will be enhanced by deploying temporary, fully isolated governance tokens to perform tasks requiring high-level access. This approach helps mitigate the risk of attacks, protecting administrative privileges from abuse or unauthorized intrusion.

"This temporary token will be immediately destroyed once the task is complete, ensuring that administrator privileges do not exist. Administrator protection helps ensure that the user, not malware, retains control over system resources," Weston said in a blog post.

Any potential attackers will be deterred because they will no longer be able to automatically and directly access the operating system kernel or other critical system resources without specific permission.

This means that security products, such as antivirus software, can run in user mode just like regular applications, enhancing flexibility and reducing the risk of impacting system stability.

In July 2025, Microsoft plans to launch a developer-only preview of its security product ecosystem, focusing on this groundbreaking change. The goal is to deliver a higher level of security while ensuring the Windows operating system is less affected in the event of a crash or error, creating a safer and more stable environment for users.

Under the new initiative, Microsoft will require partners to deploy security product updates in phases, using a controlled deployment process combined with rigorous monitoring mechanisms. The goal is to ensure that any negative impacts from updates are detected and minimized, providing stability and security for users.

According to Microsoft's 2024 Digital Defense Report, the number of incidents involving users abusing access to steal tokens has skyrocketed, reaching an alarming 39,000 cases per day.

Focus on reliable applications and drivers.

Microsoft suggests that businesses use intelligent application control policies to eliminate attacks such as malicious attachments and social media-based malware.

IT administrators can now simplify the process by selecting the 'signed and trusted policy' template in the application control wizard. This option allows verified, highly trusted applications to run smoothly regardless of deployment location. For enterprise applications not yet verified by Microsoft, administrators can easily add them through custom policy changes or by deploying them through the Microsoft Intune application management system.

The Hotpatch feature is now available on Windows.

Hotpatching is a software update technique that allows bug fixes or upgrades to be applied while the system or application is still running. This feature eliminates the need to restart the system, minimizing downtime, which is especially important for enterprise systems or servers.

Weston stated: "The Hotpatch feature is now rolled out on Windows 11 Enterprise 24H2 and Windows 365, bringing a new step forward in enhancing the seamless update experience for users."

Hotpatch will shorten the time it takes to apply critical security updates by "up to 60% from the time the security update is available".

Microsoft also believes the new feature will reduce the number of system restarts required from 12 times a year to just 4 times.

Other features enhance privacy and security.

At its annual Ignite 2024 technology event in late November, Microsoft is expected to focus on introducing a range of advanced security features. The tech giant is making a significant shift in its security strategy by adopting more secure programming languages. This includes gradually transitioning from implementing functions using C++ to Rust, aiming to enhance system protection against common security vulnerabilities.

To enhance authentication protection, Microsoft has upgraded the multi-factor authentication (MFA) solution integrated into Windows Hello, while also expanding support for password keys. With this improvement, users no longer have to compromise between simplicity and security when logging in. Furthermore, Windows Hello is now used to protect features like Recall and encrypt personal data, providing a more comprehensive layer of security for users.

Microsoft is expanding its encryption options to enhance security, including the Personal Data Encryption feature for known folders. When this feature is enabled, file contents are fully protected and can only be accessed after authentication via Windows Hello; even device administrators cannot view the data without passing this security layer.

Microsoft's Zero Trust DNS solution, launched in May 2024, provides enhanced access control for IT administrators. This tool allows administrators to restrict access to unauthorized domains and block traffic originating from specific IP addresses. By default, Zero Trust DNS blocks all outgoing traffic except for essential services, ensuring a secure network environment and maximum security compliance.

In addition, the feature The new configuration is now available, giving administrators the ability to automatically restore system settings to their original state. This is especially useful in cases where settings are unintentionally changed by users or other applications, helping to ensure the system operates stably and in its original configuration.

According to Cybernews
Copy Link
0 0 0

Featured in Nghe An Newspaper

x
Microsoft announces new security features for Windows.
Google News
POWERED BYFREECMS- A PRODUCT OFNEKO