IDCA NewsAll IDCA News
22 Sep 2022
The New Windows 11 Update Eliminates the Key Hacker Tactic
As part of Microsoft's Windows 11 2022 update, the company introduced Credential Guard, an anti-security feature designed to protect against login theft and password information. And the feature is enabled by default.
Using techniques known as "Credential Dumping," attackers ranging from nation-state hackers to ransomware operators can have access to login and password information. The hacking technic involves copying credentials from several different parts of Windows with the aid of software tools such as Mimikatz.
The latest Windows 11 version will automatically protect organizations against this tactic, as Credential Guard will be enabled by default for the first time, according to David Weston, Microsoft's vice president of enterprise and OS security.
Ultimately the new Windows 11 update will make a difference and eliminate the most common techniques from a credential-dumping standpoint," Weston told Protocol, A report by Verizon found that illegitimately using credentials accounted for 48% of data breaches in 2021, so there is more opportunity for data to be breached in this fashion.
Because Microsoft made it optional with the release of Windows 10, few organizations have implemented it because the feature wasn't switched on by default, Weston said.
To run Credential Guard without adversely affecting performance, Microsoft was initially worried about security vulnerabilities caused by virtualization-based security. Now, it has managed to create the underlying technology used by Windows 11. (Based on an interview, Weston said that the ability to run virtualization-based security features by default was the main driver for the higher CPU requirements for Windows 11.)
In addition to these security features, other features will be enabled by default in Windows 11. For example, in the WannaCry attack, Microsoft modified Windows kernel code, including drivers, so that hypervisor-protected code integrity prevented it from happening (as was the case in previous attacks). Another feature, credential isolation with Local Security Authority protection, was also implemented to combat credential theft.
Windows 11, the successor of Windows 10, was first introduced in October 2021. Based on a report published by AdDuplex, 23.1% of Windows PCs ran on Windows 11 manufactured as of June.
The new windows 11 incorporates additional features for malware prevention (Smart App Control) and phishing prevention (Microsoft Defender SmartScreen).
In summary, "I would say Windows 11 is substantially more secure than [Windows] 10 at this point, from a feature standpoint," "I expect much of the momentum — particularly in commercial — for Windows 11 will be driven by security." Weston said.
Follow us on social media: