Microsoft announces new security features for Windows

Phan Van Hoa November 21, 2024 16:00

Microsoft has announced new security features for the Windows operating system, aimed at strengthening user trust.

The announcement follows the serious CrowdStrike disruption in the summer of 2024, which affected about 8.5 million computers globally, after which Microsoft moved quickly to restore user confidence.

The incident, linked to a faulty CrowdStrike software update, triggered the "blue screen of death" (BSOD) and shut down many systems, severely affecting industries and public services.


In response, Microsoft has announced a series of major improvements to the Windows operating system, focusing on enhancing security, improving stability and strengthening the system recovery mechanism for similar incidents.

Remotely restore a faulty machine

During the July incident, IT administrators were unable to troubleshoot remotely because affected computers were stuck in a continuous boot loop. To deal with such situations, Microsoft developed the Quick Machine Recovery feature, which provides a quick and effective recovery solution.

The feature is expected to be open to the Windows Insider community for testing in early 2025, promising to significantly improve system resilience and minimize downtime.

This remote recovery tool is designed to handle Windows Update-related errors on PCs, even when the system fails to boot. The most notable feature is that it completely eliminates the need for physical access to the device, providing superior convenience and efficiency in remote troubleshooting.

"This remote recovery feature will provide the ability to quickly resolve major incidents, helping your staff get back to work more effectively than ever," said David Weston, Vice President of Enterprise Security and Operating Systems at Microsoft.

Remove unnecessary components, including built-in antivirus software

Several changes are being made to reduce how much applications and users depend on administrative rights. Microsoft sees excessive privileges held by applications and users as a persistent challenge that requires a radical solution to improve security and system stability.

Windows is currently testing a new Administrator protection solution that sets standard user rights as the default. When users need to make system changes that require administrative rights, such as installing an app, they will be asked to authorize through the Windows Hello security system. This not only ensures that changes are made securely, but also provides additional protection against unauthorized access or potential threats.

Security will be enhanced by using temporary, fully isolated administrator tokens to perform tasks that require elevated access rights. This approach reduces the attack surface and protects administrator rights from abuse or unauthorized access.

“This temporary token is immediately destroyed when the task completes, ensuring that administrator privileges do not persist. Administrator protection helps ensure that the user, not malware, remains in control of system resources,” Weston said in a blog post.

Any potential attackers will be thwarted because they will no longer be able to automatically, directly access the operating system kernel or other critical system resources without specific permission.

This means that security products, such as antivirus software, can run in user mode just like regular applications, increasing flexibility and reducing the risk of affecting system stability.

In July 2025, Microsoft plans to launch a private preview of this change for developers in the security product ecosystem. The goal is to provide a higher level of security while making Windows less vulnerable in the event of a crash or error, creating a more secure and stable environment for users.

Under the new initiative, Microsoft will require partners to deploy security product updates in phases, using a controlled deployment process combined with a strict monitoring mechanism. The goal is to ensure that any negative impacts from updates are detected and minimized, providing stability and security for users.

According to Microsoft's 2024 Digital Defense Report, the number of incidents involving users abusing access to steal tokens has skyrocketed, reaching an alarming 39,000 cases per day.

Focus on reliable apps and drivers

Microsoft suggests businesses use intelligent application control policies to eliminate attacks like malicious attachments and socially engineered malware.

IT administrators can now simplify the process by selecting the 'signed and trusted policy' template in the application control wizard. This option allows verified, highly trusted applications to work seamlessly regardless of deployment location. For enterprise applications that are not Microsoft-certified, administrators can easily add them through custom policy changes or by deploying through the Microsoft Intune application management system.

Hotpatch feature is now available on Windows

Hotpatch (or Hot Patching) is a software update technique that allows bug fixes or upgrades to be applied while the system or application is still running. This feature eliminates the need to reboot the system, minimizing downtime, which is especially important for enterprise or server systems.

“Hotpatch is now rolling out to Windows 11 Enterprise 24H2 and Windows 365, bringing a new level of seamless update experience to users,” said Weston.

Hotpatch will shorten the time to apply critical security updates "by up to 60% from the time the security update is made available."

Microsoft also believes the new feature will reduce the number of system reboots required from 12 a year to just four.

Other features enhance privacy and security

Microsoft is expected to focus on introducing a series of advanced security features at its annual Ignite 2024 technology event in late November. The tech giant is making a major shift in its security strategy by adopting more secure programming languages. This includes gradually switching from implementing functions in C++ to Rust, in order to increase the ability to protect the system from common security vulnerabilities.

To further protect credentials, Microsoft has upgraded the multi-factor authentication (MFA) solution that integrates with Windows Hello and expanded support for password locks. With this improvement, users no longer have to compromise between simplicity and security when signing in. Additionally, Windows Hello is now used to protect features like Recall and encrypt personal data, providing a more comprehensive layer of security for users.

Microsoft is expanding its encryption options to improve security, including Personal Data Encryption for Known Folders. When enabled, file contents are completely protected and can only be accessed after authentication via Windows Hello, and even device administrators cannot view data without passing this security layer.

Zero Trust DNS, launched by Microsoft in May 2024, provides advanced access control for IT administrators. It allows administrators to restrict access to unapproved domains and block outbound traffic via IP address. By default, Zero Trust DNS blocks all outbound traffic except for essential services, ensuring a secure network environment and maximum security compliance.

In addition, a new Config feature is now available, giving administrators the ability to automatically restore system settings to their default state. This is especially useful when settings are unintentionally changed by other users or applications, helping to keep the system stable and correctly configured.

According to Cybernews