
Windows 11 is coming this holiday season, although upgrades from Windows 10 won't happen until much later. We're sure that users who are hungry to get their hands on Microsoft's latest OS will be able to do so fairly quickly, though. That's especially true considering Windows 10 Insider Previews have all but dried up, leaving nothing but Windows 11 for Microsoft's volunteer quality assurance testers. However, once users upgrade, there's an alarmingly short time to decide to roll back to Windows 10 without starting over entirely. An FAQ has made its way to PC maker MSI's website that indicates Microsoft is trimming the Windows 10 rollback window to just 10 days. The rollback functionality in Windows takes the archived Windows install folder (typically named Windows.old on the C: drive) and reinstates it as the PC's operating system without a reinstall from scratch. When users upgraded from Windows 8.1 or earlier to Windows 10, they had a whole month to decide whether the newer version of Windows was right for them. In practice, though, this shorter window will probably not lock out users who decide they don't want Redmond's latest and greatest. Formatting a PC's primary storage and reinstalling Windows from a USB stick or DVD will likely still be an option once that 10-day window closes. Microsoft has committed to supporting Windows 10 through October of 2025, so users have three years from now to decide if they're ready to take the plunge into the Spinal Tap edition. The only potential issue is if Microsoft gets aggressive with its upgrades, as it famously did when the company's upgrade reminders drove Windows 7 users batty. The FAQ is still live on MSI's site and covers a range of topics, from when Windows 11 PCs will be available to which MSI PCs will support Windows 11. The company encourages users to download Microsoft's PC Health Check application, which reports whether a PC is able to upgrade to Windows 11.
One other interesting change covered in the FAQ is that S Mode, the lower-permissions option that locks users into the Microsoft Store, will continue to exist in Windows 11 Home, but apparently will be removed from Windows 11 Pro. For those interested in getting a head start, Windows 11 Insider Preview builds are available to install, and the process is pretty simple. We wouldn't recommend installing a preview operating system on a PC that's used for business purposes, or for the faint of heart who recoil at the idea of possibly reinstalling Windows 10 from scratch if a deal-breaking bug crops up. On the other hand, Microsoft's Bug Bash is currently ongoing, and adventurous enthusiasts with a knack for finding unexpected behaviors could possibly make some bank. Not all PCs will be able to upgrade to Windows 11 when it releases in the not-too-distant future. Initially, Microsoft announced some pretty intense system requirements that hung CPUs from 2017, which were still top-of-the-line in early 2018, out to dry. Fortunately, Microsoft appears to have heard the cries of its customers and is reconsidering Windows 11's requirements to stretch back a bit farther. Scalpers have been making a bit of bank on hardware Trusted Platform Modules, too, now that TPM is a requirement for the new OS. Windows 11 will release this holiday season and will be a free upgrade from Windows 10 on PCs that can support its hardware requirements. Follow this and more by visiting OUR FORUM.

Microsoft has had six years to prepare for the launch of Windows 11, but the company is still struggling to explain its new hardware requirements. Windows 11 will officially support Intel 8th Gen Coffee Lake or Zen 2 CPUs and up, leaving behind millions of PCs that were sold during the launch of Windows 10. It’s an unusual surprise if you purchased a new PC for Windows 10, or perhaps you have a perfectly capable machine that’s even older. Windows 11 will require Intel 8th Gen Coffee Lake or Zen 2 CPUs and up, TPM 2.0 (Trusted Platform Module) support, 4GB of RAM, and 64GB of storage. Microsoft doesn’t typically enforce such specific processor requirements with Windows — with both Windows 8 and Windows 10 only requiring a 1GHz processor, 1GB of RAM (2GB for 64-bit), and 16GB of storage (20GB for 64-bit). Power users of Windows, and IT admins alike, have built up an expectation of being able to upgrade to the latest OS, regardless of what hardware they’re running. It looks like that’s about to end with Windows 11. After much confusion last week, Microsoft attempted to explain its hardware requirements again yesterday, and it sounds like the main driver behind these changes is security. Coupled with Microsoft’s hardware requirements is a push to enable a more modern BIOS (UEFI) that supports features like Secure Boot and TPM 2.0 (Trusted Platform Module). When you combine TPM with some of the virtualization technologies that Microsoft uses in Windows, there’s an understandable security benefit that we’ve discussed in detail previously. Microsoft claims that a combination of Windows Hello, Device Encryption, virtualization-based security, hypervisor-protected code integrity (HVCI), and Secure Boot “has been shown to reduce malware by 60 percent.” You obviously need modern hardware to enable all these protections, and Microsoft has been building toward this moment for years. 
TPM support has been a requirement for OEMs to gain Windows certification since around the release of Windows 10, but Microsoft hasn’t forced businesses or consumers to enable it. Microsoft’s decision to force Windows 11 users into TPM, Secure Boot, and more comes at a pivotal moment for Windows. It’s Microsoft’s operating system that’s always caught up in ransomware and malware attacks, and things are only going to get worse if the level of Windows hardware security doesn’t go up a notch. That delicate balance of security and the typical openness of Windows is something that Microsoft will struggle with over the next decade, as it wrestles with modernizing Windows and the understandable backlash. While Microsoft is waiving its new hardware requirements during the preview phase of Windows 11, we still don’t know exactly what devices will be supported when it launches later this year. Microsoft tried to offer some more clarity around this yesterday, but it wasn’t the level of detail we were hoping for. “As we release to Windows Insiders and partner with our OEMs, we will test to identify devices running on Intel 7th generation and AMD Zen 1 that may meet our principles,” says a blog post from the Windows team. That could be good news for the Surface Studio 2, a $3,499 device that Microsoft still sells with a 7th Gen chip that’s not on the Windows 11 list. This same blog post also revealed that the 7th Gen is probably as far back as Microsoft is willing to concede. “We also know that devices running on Intel 6th generation and AMD pre-Zen will not” meet Microsoft’s minimum system requirements, said the blog post before it was edited to remove this line. It’s not clear why Intel’s 6th Gen chips are definitely off the list, but part of this decision could be related to Spectre and Meltdown — two major computer processor security bugs that affected nearly every device made for 20 years. Follow this thread and more on OUR FORUM.

Microsoft has now confirmed signing a malicious driver that was being distributed within gaming environments. This driver, called "Netfilter," is in fact a rootkit that was observed communicating with Chinese command-and-control (C2) IPs. G Data malware analyst Karsten Hahn first took notice of this event last week and was joined by the wider infosec community in tracing and analyzing the malicious drivers bearing the seal of Microsoft. This incident has once again exposed threats to software supply-chain security, except this time it stemmed from a weakness in Microsoft's code-signing process. Last week, G Data's cybersecurity alert systems flagged what appeared to be a false positive, but was not—a Microsoft-signed driver called "Netfilter." The driver in question was seen communicating with China-based C&C IPs while providing no legitimate functionality, and as such it raised suspicions. This is when G Data's malware analyst Karsten Hahn shared this publicly and simultaneously contacted Microsoft: "Since Windows Vista, any code that runs in kernel mode is required to be tested and signed before public release to ensure stability for the operating system." "Drivers without a Microsoft certificate cannot be installed by default," states Hahn. At the time, BleepingComputer began observing the behavior of the C2 URLs and also contacted Microsoft for a statement. The first C2 URL returns a set of further routes (URLs) separated by the pipe ("|") symbol: The G Data researcher spent some time analyzing the driver in depth and concluded it to be malware. The researcher has analyzed the driver, its self-update functionality, and Indicators of Compromise (IOCs) in a detailed blog post. "The server then responds with the URL for the latest sample, e.g. hxxp://110.42.4.180:2081/d6, or with 'OK' if the sample is up-to-date. The malware replaces its own file accordingly," further explained the researcher.
During the course of his analysis, Hahn was joined by other malware researchers including Johann Aydinbas, Takahiro Haruyama, and Florian Roth. Roth was able to gather the list of samples in a spreadsheet and has provided YARA rules for detecting these in your network environments. Notably, the C2 IP 110.42.4.180 that the malicious Netfilter driver connects to belonged to Ningbo Zhuo Zhi Innovation Network Technology Co., Ltd, according to WHOIS records: Microsoft is actively investigating this incident, although thus far there is no evidence that stolen code-signing certificates were used. The mishap seems to have resulted from the threat actor following Microsoft's process to submit the malicious Netfilter drivers, and managing to acquire the Microsoft-signed binary in a legitimate manner: "Microsoft is investigating a malicious actor distributing malicious drivers within gaming environments." "The actor submitted drivers for certification through the Windows Hardware Compatibility Program. The drivers were built by a third party." "We have suspended the account and reviewed their submissions for additional signs of malware," Microsoft said yesterday. According to Microsoft, the threat actor has mainly targeted the gaming sector, specifically in China, with these malicious drivers, and there is no indication of enterprise environments having been affected so far. Microsoft has refrained from attributing this incident to nation-state actors just yet. Falsely signed binaries can be abused by sophisticated threat actors to facilitate large-scale software supply-chain attacks. We have more detailed information and images posted on OUR FORUM.
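The C2 behaviour described in the two posts above (a first reply listing routes separated by "|", and a self-update reply that is either "OK" or the URL of a newer sample) is something a defender can turn into simple detection logic. The following is an added example, not code from G Data, BleepingComputer, or any of the researchers named; it assumes a constructed proxy-log format ("timestamp src dst:port method path") and uses only the indicator quoted on the page (C2 IP 110.42.4.180, port 2081, path /d6). The sample log lines are constructed, not real traffic.

```python
"""Detection helpers modelled on the Netfilter C2 pattern described on the page.

Added example (not the researchers' code). Assumes a constructed log format:
    <timestamp> <src_ip> <dst_ip>:<dst_port> <method> <path>
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# Indicator quoted on the page: the C2 IP the signed driver was seen contacting.
NETFILTER_C2_IPS: Set[str] = {"110.42.4.180"}


def parse_route_list(response: str) -> List[str]:
    """Split the first C2 reply ("route_a|route_b|...") into individual routes.

    Empty entries (e.g. from a doubled pipe) and surrounding whitespace are dropped,
    so the result is a clean list a hunting rule can be built from.
    """
    return [part.strip() for part in response.split("|") if part.strip()]


def classify_update_reply(reply: str) -> Optional[str]:
    """Interpret the self-update reply as the analysis describes it.

    'OK' means the running sample is already current -> None.
    Anything else is taken as the URL of a newer sample -> that URL.
    """
    text = reply.strip()
    if text.upper() == "OK":
        return None
    return text


@dataclass(frozen=True)
class Hit:
    line_no: int
    src_ip: str
    dst_ip: str
    dst_port: int
    path: str


# One regex for the constructed log format; lines that do not match are skipped.
_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<port>\d+)\s+(?P<method>\S+)\s+(?P<path>\S+)"
)


def scan_proxy_log(lines: Iterable[str], ioc_ips: Set[str] = NETFILTER_C2_IPS) -> List[Hit]:
    """Return every log line whose destination IP is in the IOC set."""
    hits: List[Hit] = []
    for n, line in enumerate(lines, start=1):
        m = _LOG_RE.match(line)
        if not m or m.group("dst") not in ioc_ips:
            continue
        hits.append(Hit(n, m.group("src"), m.group("dst"), int(m.group("port")), m.group("path")))
    return hits


# Constructed sample log (not real traffic). Line 2 reproduces the IP, port and
# path quoted on the page; the other lines are benign filler.
SAMPLE_LOG = [
    "2021-06-25T10:00:01Z 10.0.0.15 93.184.216.34:443 GET /index.html",
    "2021-06-25T10:00:07Z 10.0.0.15 110.42.4.180:2081 GET /d6",
    "2021-06-25T10:00:09Z 10.0.0.22 10.0.0.1:53 QUERY example.internal",
    "malformed line that the parser must skip",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.src_ip} -> {hit.dst_ip}:{hit.dst_port} {hit.path}")
    print(parse_route_list("route_a|route_b||route_c"))
    print(classify_update_reply("OK"), classify_update_reply("hxxp://110.42.4.180:2081/d6"))
```

The IP match is deliberately exact rather than a substring search, so a benign address such as 110.42.4.18 does not trigger a hit; extend `NETFILTER_C2_IPS` from the researchers' published IOC list rather than hand-typing further addresses.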