Virtualization-based Security

Winsage
April 19, 2025
Microsoft has announced the deprecation of Virtualization-based Security (VBS) enclaves, a feature introduced in July 2024, on Windows 11 23H2 and earlier versions and on Windows Server 2022 and its predecessors. Support for VBS enclaves will continue in Windows Server 2025 and future versions. VBS enclaves were designed to create secure memory spaces using Microsoft's Hyper-V hypervisor, enhancing security for specific application components. The decision to phase out VBS enclaves may be influenced by the rapid development cycle of Windows 11. Users are expected to transition to newer releases as support for Windows 11 23H2 ends in November. Enterprise customers relying on VBS enclaves may face disruptions if the feature is completely removed.
Winsage
April 19, 2025
Microsoft will discontinue support for virtualization-based security enclaves (VBS enclaves) in Windows 11 versions 23H2 and 22H2, as well as in Windows Server versions 2022, 2019, and 2016. Support for VBS enclaves will only be retained in Windows 11 version 24H2 and later, and in Windows Server 2025 and later. VBS enclaves enhance memory operation security by creating virtual trust levels within a Trusted Execution Environment. Microsoft previously addressed a privilege escalation vulnerability within VBS enclaves (CVE-2025-21370) and plans to integrate the Rust programming language into the Windows kernel starting with Windows 11 version 23H2 in 2024.
Winsage
April 18, 2025
Microsoft is deprecating support for Virtualization-Based Security (VBS) enclaves in Windows 11 23H2 and earlier versions as it transitions users to Windows 11 24H2, which retains support for VBS enclaves. Windows 11 24H2 enhances security and is essential for developers to ensure their applications function correctly and securely. Windows 11 23H2 will reach the end of its support lifecycle on November 11, 2025, after which Microsoft will stop providing security updates. Users are encouraged to upgrade to Windows 11 24H2 to maintain access to security features and receive updates.
Winsage
April 9, 2025
Microsoft's Patch Tuesday updates addressed over 120 vulnerabilities, including one actively exploited flaw (CVE-2025-29824) and 11 critical issues. CVE-2025-29824 is an elevation of privilege vulnerability in the Windows Common Log File System Driver, targeted by the group Storm-2460 to deploy ransomware called PipeMagic, affecting victims in the US, Spain, Venezuela, and Saudi Arabia. This vulnerability has a CVSS score of 7.8 and allows attackers to escalate privileges due to a use-after-free flaw. Patches for Windows Server and Windows 11 have been released, but Windows 10 users are still awaiting a fix, with Microsoft promising updates soon. Among the critical vulnerabilities addressed, all allow for remote code execution (RCE). Notable vulnerabilities include:
- CVE-2025-26670: LDAP Client RCE, Critical, CVSS 8.1
- CVE-2025-27752: Microsoft Excel RCE, Critical, CVSS 7.8
- CVE-2025-29791: Microsoft Excel RCE, Critical, CVSS 7.8
- CVE-2025-27745: Microsoft Office RCE, Critical, CVSS 7.8
- CVE-2025-27748: Microsoft Office RCE, Critical, CVSS 7.8
- CVE-2025-27749: Microsoft Office RCE, Critical, CVSS 7.8
- CVE-2025-27491: Windows Hyper-V RCE, Critical, CVSS 7.1
- CVE-2025-26663: Windows LDAP RCE, Critical, CVSS 8.1
- CVE-2025-27480: Windows RDP RCE, Critical, CVSS 8.1
- CVE-2025-27482: Windows RDP RCE, Critical, CVSS 8.1
- CVE-2025-26686: Windows TCP/IP RCE, Critical, CVSS 7.5
- CVE-2025-29809: Windows Kerberos Security Feature Bypass, Important, CVSS 7.1
Dustin Childs from ZDI noted that CVE-2025-29809 requires additional measures beyond standard patching. CVE-2025-26663 and CVE-2025-26670 are considered wormable, necessitating prompt updates, especially for networks exposing LDAP services. Adobe released over 50 fixes for vulnerabilities in products like Cold Fusion, After Effects, and Photoshop, with some issues in Cold Fusion classified as critical. AMD updated advisories regarding GPU access and various Ryzen AI software vulnerabilities.
Winsage
April 2, 2025
Microsoft has made hotpatch updates available for business customers using Windows 11 Enterprise 24H2 on x64 systems, allowing seamless installation of security updates without device reboots. Hotpatching modifies in-memory code of active processes to deploy updates without interrupting user activities. Devices under a hotpatch-enabled quality update policy will receive updates quarterly, with no restarts required for eight months of the year. A Microsoft subscription is necessary to activate hotpatching, and devices must meet specific prerequisites, including an x64 CPU and enabled Virtualization-based Security. Hotpatch updates can be managed through Microsoft Intune, and devices on Windows 10 and versions 23H2 and lower will continue to receive standard updates. Microsoft initially introduced hotpatch support for Windows Server Azure Edition in February 2022 and has expanded testing to include Windows 11 24H2.
Winsage
March 14, 2025
Recent tests by Tech YES City indicate that Windows 10 can outperform Windows 11 by up to 20% in certain gaming scenarios, particularly in Fortnite at 1080p resolution. This performance gap is attributed to Virtualization-Based Security (VBS), which, when enabled on Windows 11, can lead to a performance loss in CPU-intensive games. The performance difference diminishes at 4K resolution, where both operating systems perform similarly. Windows 10 also showed better performance in games like Counter-Strike 2, Baldur's Gate 3, and Kingdom Come Deliverance 2, although to a lesser extent. Users with high-performance CPUs like the Ryzen 9 9950X3D may benefit from staying with Windows 10 longer despite its impending end of support.
Winsage
March 13, 2025
Recent benchmarks indicate that AMD's Ryzen 9 9950X3D performs better on Windows 10 than on Windows 11. In gaming tests, it achieved 729 fps on Windows 10 compared to 710 fps on Windows 11, with a further decline when virtualization-based security (VBS) was enabled. For example, in Fortnite, it recorded 591 fps on Windows 10 and 541 fps on Windows 11, with VBS causing a 9.2% performance drop. Other games also showed similar discrepancies between the two operating systems. A custom-tuned version of Windows 11 24H2 did not outperform a standard installation of Windows 10. The Ryzen 9 9950X3D was released on March 12, 2025, and is priced at 9/£699/AU,349. It features 16 cores, but only eight access the 3D V-cache, which may affect its performance compared to the Ryzen 7 9800X3D.
Winsage
December 4, 2024
Microsoft has confirmed that the hardware requirements for Windows 11, including the Trusted Platform Module (TPM) 2.0, are non-negotiable. The end of support for Windows 10 is set for October 2025. TPM 2.0 is essential for encrypting data, validating digital signatures, and enhancing security on Windows devices. It integrates with security features like Credential Guard, Windows Hello for Business, and BitLocker disk encryption, and supports Secure Boot. Windows 11 also requires support for virtualization-based security and hypervisor-protected code integrity (HVCI), limiting compatibility to CPUs released from 2018 onward. Although there are workarounds for unsupported hardware, Microsoft has tightened upgrade processes and is promoting new PC purchases to encourage upgrades from Windows 10.
Winsage
November 4, 2024
Microsoft has launched Windows Server 2025, which will be generally available starting November 1, 2024. The new version includes features such as hotpatching, next-gen Active Directory, and SMB over QUIC alternative ports. Windows Server is available through the Long-Term Servicing Channel (LTSC) and the Annual Channel (AC). Key enhancements include:
- Hotpatching enabled by Azure Arc for automatic updates and backup options.
- NVMe storage performance improvements, offering up to 60% more IOPs compared to Windows Server 2022.
- Block cloning support using the ReFS file system.
- New Active Directory functionalities, including AD object repair and improved security.
- Credential Guard for safeguarding against credential theft.
- SMB hardening with secure access to file shares over the Internet.
- Delegate Managed Service Accounts (dMSA) for automated password management.
- Accelerated Networking (AccelNet) for reduced latency and CPU utilization.
- DTrace for real-time system performance monitoring.
- Virtualization-based security (VBS) enclaves for enhanced security.
- Windows Local Administrator Password Solution (LAPS) for unique password generation and management.
Microsoft is investigating known issues, including installation failures and BSOD errors for systems with more than 256 logical processors, boot issues in iSCSI environments, and language display problems during setup. Windows Server 2025 will reach its end of support on October 10, 2029, with extended support ending on October 10, 2034. A free 180-day trial is available through the Microsoft Evaluation Center.