Microsoft "kills" a feature that protected "older" versions of Windows 11 — and no one knows why

Microsoft has announced a significant shift in its security strategy, opting to phase out support for virtualization-based security enclaves (VBS enclaves) in older versions of Windows 11 and Windows Server. This change will take effect with the release of Windows 11 version 23H2 and will also impact earlier versions, including 22H2. The same discontinuation applies to Windows Server versions 2022, 2019, and 2016, which will consequently see a decline in their security robustness.

Details of the Change

In an official statement, Microsoft clarified that “Support for VBS enclaves will be discontinued in Windows 11 version 23H2 and earlier. It will be retained only in Windows 11 version 24H2 and later. VBS enclaves will also no longer be supported in Windows Server 2022 and earlier. Support will remain only in Windows Server 2025 and later.”

VBS enclaves, introduced in July of the previous year, are built upon the foundation of Virtualization-based Security (VBS), a feature that the tech giant has consistently highlighted as a cornerstone of Windows 11’s security architecture. The rationale behind this decision has not been explicitly stated, leaving many to speculate on the motivations behind the removal of such a recently implemented feature.

Historically, Microsoft has demonstrated a willingness to retire older standards to bolster security or to pave the way for more advanced technologies. Recent updates to the Edge browser’s data collection mechanisms and the gradual phasing out of ActiveX support in Office applications exemplify this trend.

The Role of VBS Enclaves

VBS enclaves serve a crucial function by enhancing the security of memory operations within applications. They achieve this by establishing virtual trust levels (VTLs) within a Trusted Execution Environment (TEE). However, this technology is not without its flaws; earlier this year, Microsoft addressed a privilege escalation vulnerability within VBS enclaves (CVE-2025-21370). In a bid to further strengthen memory protection, the company is also set to integrate the Rust programming language into the Windows kernel, beginning with Windows 11 version 23H2 in 2024.

For those interested in the specifics of features that will no longer receive support, a comprehensive list is available on the official Microsoft website.
