VBS Enclaves

Winsage
November 4, 2024
Microsoft has launched Windows Server 2025, generally available from November 1, 2024. The new version includes features such as hotpatching, next-gen Active Directory, and SMB over QUIC alternative ports. Windows Server is available through the Long-Term Servicing Channel (LTSC) and the Annual Channel (AC). Key enhancements include:
- Hotpatching enabled by Azure Arc for automatic updates and backup options.
- NVMe storage performance improvements, offering up to 60% more IOPS compared to Windows Server 2022.
- Block cloning support using the ReFS file system.
- New Active Directory functionalities, including AD object repair and improved security.
- Credential Guard for safeguarding against credential theft.
- SMB hardening with secure access to file shares over the Internet.
- Delegated Managed Service Accounts (dMSA) for automated password management.
- Accelerated Networking (AccelNet) for reduced latency and CPU utilization.
- DTrace for real-time system performance monitoring.
- Virtualization-based security (VBS) enclaves for enhanced security.
- Windows Local Administrator Password Solution (LAPS) for unique password generation and management.
Microsoft is investigating known issues, including installation failures and BSOD errors on systems with more than 256 logical processors, boot issues in iSCSI environments, and language display problems during setup. Windows Server 2025 will reach its end of support on October 10, 2029, with extended support ending on October 10, 2034. A free 180-day trial is available through the Microsoft Evaluation Center.
Winsage
October 3, 2024
A trusted execution environment on personal computers enhances data security by protecting data in use, in addition to the traditional protection of data at rest and in transit. Windows 11 uses the hypervisor to partition memory into an isolated region called Virtual Trust Level 1 (VTL 1), where a secure kernel runs, while the normal Windows kernel and user-mode environment operate at Virtual Trust Level 0 (VTL 0); code at VTL 0, including kernel-mode drivers, cannot read or write VTL 1 memory. VBS enclaves require Windows 11 or Windows Server 2019 or later with VBS enabled, which can be done through the Windows Security app, Group Policy, or Intune for Mobile Device Management (MDM). Enabling VBS across all supported devices is recommended to reduce security risks.
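The summary above says VBS can be enabled through the Windows Security app, Group Policy or Intune, but does not show how to verify that it is actually running, which is the state an enclave-based workload depends on. The following PowerShell script is an added example, not code from Winsage or from Microsoft: it reads the documented Win32_DeviceGuard WMI class to report whether VBS is configured versus running and which VBS-backed services (Credential Guard, HVCI) are active, and it writes the same registry values that the "Turn On Virtualization Based Security" Group Policy sets. It assumes an elevated session on a Windows 11 or Windows Server 2019 or later host with UEFI firmware; the function names are this example's own.

```powershell
# Added example (not from the original page or from Microsoft): audit VBS state and
# configure it via the registry values the Group Policy would write.
# Assumes an elevated PowerShell session on Windows 11 / Windows Server 2019+ with UEFI.

function Get-VbsStatus {
    # Win32_DeviceGuard is the documented WMI surface for VBS / Device Guard state.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running.
    $vbsState = switch ([int]$dg.VirtualizationBasedSecurityStatus) {
        0       { 'NotEnabled' }
        1       { 'EnabledNotRunning' }   # configured but reboot pending, or a platform prerequisite is missing
        2       { 'Running' }
        default { "Unknown($($dg.VirtualizationBasedSecurityStatus))" }
    }

    # SecurityServices codes: 1 = Credential Guard, 2 = HVCI (memory integrity),
    # 3 = System Guard Secure Launch, 4 = SMM firmware measurement.
    $serviceNames = @{ 1 = 'CredentialGuard'; 2 = 'HVCI'; 3 = 'SecureLaunch'; 4 = 'SmmFirmwareMeasurement' }
    $decode = { param($codes) @($codes | ForEach-Object {
        if ($serviceNames.ContainsKey([int]$_)) { $serviceNames[[int]$_] } else { "Service$_" } }) }

    # Confirm-SecureBootUEFI throws on legacy BIOS machines; treat that as "not available".
    $secureBoot = try { [bool](Confirm-SecureBootUEFI) } catch { $false }

    [pscustomobject]@{
        VbsState            = $vbsState
        SecureBoot          = $secureBoot
        ServicesConfigured  = & $decode $dg.SecurityServicesConfigured
        ServicesRunning     = & $decode $dg.SecurityServicesRunning
        RequiredProperties  = @($dg.RequiredSecurityProperties)    # what policy demands (raw codes)
        AvailableProperties = @($dg.AvailableSecurityProperties)   # what the platform offers (raw codes)
        # Enclave workloads need VBS actually running, not merely configured.
        EnclaveReady        = ($vbsState -eq 'Running')
    }
}

function Enable-Vbs {
    param(
        [switch]$WithHvci,   # also turn on memory integrity (HVCI)
        [switch]$UefiLock    # persist in UEFI so the setting cannot be cleared by a remote admin
    )
    $dgKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
    New-Item -Path $dgKey -Force | Out-Null
    Set-ItemProperty -Path $dgKey -Name 'EnableVirtualizationBasedSecurity' -Value 1 -Type DWord
    # 1 = require Secure Boot; 3 = require Secure Boot and DMA protection.
    Set-ItemProperty -Path $dgKey -Name 'RequirePlatformSecurityFeatures' -Value 1 -Type DWord
    if ($UefiLock) { Set-ItemProperty -Path $dgKey -Name 'Locked' -Value 1 -Type DWord }

    if ($WithHvci) {
        $hvciKey = Join-Path $dgKey 'Scenarios\HypervisorEnforcedCodeIntegrity'
        New-Item -Path $hvciKey -Force | Out-Null
        Set-ItemProperty -Path $hvciKey -Name 'Enabled' -Value 1 -Type DWord
        if ($UefiLock) { Set-ItemProperty -Path $hvciKey -Name 'Locked' -Value 1 -Type DWord }
    }
    Write-Output 'VBS configured; reboot before Win32_DeviceGuard will report it as running.'
}

# Usage: audit first, enable if needed, re-audit after the reboot.
Get-VbsStatus | Format-List
# Enable-Vbs -WithHvci ; Restart-Computer
```

Two practical notes. The distinction between ServicesConfigured and ServicesRunning matters for fleet reporting: a device where VBS is configured but a prerequisite such as Secure Boot is missing will sit at state 1 indefinitely, so alert on EnclaveReady rather than on the registry value. And treat the UEFI lock as a one-way door: once Locked is set, turning VBS back off requires a physically present user to confirm at boot, which is the intended anti-tampering property but complicates remote rollback.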
Winsage
October 2, 2024
Microsoft has announced significant updates to its Recall feature, which will now be off by default and opt-in, requiring users to enable it during the setup of their Copilot+ PCs. Users can completely uninstall Recall through the "Optional Features" section in Settings. The feature will now encrypt all data with keys protected by the Trusted Platform Module (TPM) and require Windows Hello for access. Recall is designed with security measures that isolate it from the operating system and administrative users, and sensitive information will be filtered by default. Content from private browsing sessions will not be recorded, and users can delete or filter specific information.
Winsage
September 30, 2024
Microsoft's Recall, an AI-driven search tool for Copilot+ PCs, faced delays due to user concerns about unencrypted screenshots potentially exposing sensitive information. In response, Microsoft announced a revamped version with enhanced security features, including:
- Encryption of all captured data.
- Integration with Windows Hello Enhanced Sign-in Security for controlled access.
- An opt-in feature that is not activated by default and can be uninstalled.
- Storage of screenshots in a secure VBS Enclave, accessible only when users engage with Recall.
These improvements aim to address the security issues identified in the initial rollout.
Winsage
September 29, 2024
Microsoft is preparing for the preview release of Windows Recall, a feature for Microsoft Copilot+ PCs that captures user interactions to create a searchable history. Initially set for a June launch, it was delayed to October due to privacy and security concerns. To enhance security, Microsoft has implemented an opt-in model, additional encryption, and requires Windows Hello for access. Recall operates mainly within virtualization-based security (VBS) enclaves, which protect data from unauthorized access. Users can customize privacy settings, including excluding applications, deleting snapshots, and managing retention periods. Recall does not capture data from in-private browsing sessions and filters out sensitive information. It does not share data with Microsoft or third parties, although some diagnostic data may be transmitted. Microsoft conducted extensive reviews and testing to ensure Recall's security and reliability.
Winsage
September 28, 2024
Microsoft's Recall feature for Copilot+ AI PCs was designed to help users locate past activities but faced backlash over security concerns related to constant screenshotting of user activity. In response, Microsoft delayed the rollout for Windows Insider beta testers and announced enhanced security measures, making Recall off by default and opt-in and integrating Windows Hello biometric authentication. The feature will utilize encryption and VBS Enclaves to protect data, and users can opt to remove Recall entirely. Additional protective measures include rate-limiting and anti-hammering strategies, with a fallback PIN method after configuration. Recall will not retain private browsing data by default and will filter sensitive content. Microsoft has engaged a third-party vendor for penetration testing and security design review, while the Microsoft Offensive Research and Security Engineering team has been testing the feature.
Winsage
July 29, 2024
A CrowdStrike update caused the crashing of millions of Windows machines, leading Microsoft to release an analysis of the incident. CrowdStrike identified a bug in its software as the cause and committed to improving its quality assurance processes. Microsoft confirmed that the issue was a read-out-of-bounds memory safety error in the CSagent.sys driver. Microsoft explained the importance of kernel drivers for security products, noting their role in system-wide visibility and performance, but also acknowledged the complexities and risks associated with kernel-level operations. Following the incident, Microsoft proposed four steps to enhance Windows security, including safe rollout guidance, reducing kernel driver access, improving isolation and anti-tampering capabilities, and implementing zero trust approaches.
Winsage
July 26, 2024
Microsoft is advocating for changes to Windows to restrict security vendors like CrowdStrike from accessing the Windows kernel, following an incident where 8.5 million PCs went offline due to a faulty CrowdStrike update. CrowdStrike's software operates at the kernel level with unrestricted access to system memory and hardware, so a fault in it crashes the whole operating system rather than a single process. Microsoft is emphasizing the need for collaboration to enhance security measures and is considering restricting kernel-level access within Windows.
Winsage
July 4, 2024
Virtualization-Based Security (VBS) enhances data protection and integrity in Windows 11 by using the Hyper-V hypervisor to isolate a secure region of memory from the normal operating system. VBS enclaves, a new addition to VBS, provide a trusted execution environment within an application for safeguarding sensitive data and the code that handles it. VBS enclaves have specific device requirements, and enclave projects are built with Visual Studio 2022.