My new blog: Windows 11 2022 and new security features - this is the most secure version of Windows we have ever produced. Proud of the work the entire team has done. Let's gooooo
@dwizzzleMSFT
"Presence detection sensors work with Windows Hello to sign you in when you approach, and lock when you leave."
This sounds great
What are the hardware dependencies?
@dwizzzleMSFT
@MsftSecIntel
Sweet, noticed some changes when using a FIDO key. Is there a reason it switches to other user when signing back in from a locked session?
@dwizzzleMSFT
Most secure version of Windows is like saying the least poisonous version of poison 🤷‍♂️
Active Directory is still an unmaintainable mess, as are UAC and other Windows internals.
#icannotshruganyharder
@dwizzzleMSFT
Thank you for the great post! But what about Windows security features on ARM-based CPUs: 1. How is memory protected? 2. How is the TPM involved? 3. What are the key differences between the new Windows security mechanisms on Intel-based and ARM-based CPUs? Thank you!
@dwizzzleMSFT
Great post! Here are a few additional mitigation ideas that I would love to see:
- a unified syscall enable/disable mechanism: each process having a list of allowed syscalls. Would permit restricting kernel attack surface from sandbox and simplify code by merging several 1/N
@dwizzzleMSFT
Is it expected behavior that the Microsoft vulnerable driver block list does not ever get updated on endpoints, with Windows Update or whatever other mechanism may be present with a powered-on machine?
The CIP on the current Windows 10 version always stays at 10.0.19014.0 regardless of Windows Updates happening, and Windows 11 always stays at 10.0.21250.0.
It's nice that the Microsoft recommended driver block rules is updated over time online, but Windows doesn't see those updates.