Tag Archive for: 21H2

Windows 10 21H2 adds ransomware protection to security baseline

/in


Windows 10 21H2 adds ransomware protection to security baseline

Microsoft has released the final version of security configuration baseline settings for Windows 10, version 21H2, available today from the Microsoft Security Compliance Toolkit.

“This Windows 10 feature update brings very few new policy settings,” Microsoft security consultant Rick Munck said.

“One setting has been added for this release for printer driver installation restrictions (which was also added to the Windows 11 release). Additionally, all Microsoft Edge Legacy settings have been removed,”

Protection from human-operated ransomware

However, the highlight of the new Windows 10 security baseline is the addition of tamper protection as a setting to enable by default (this was also made a default setting in the Windows 11 security baseline two months ago).

When toggling on the Microsoft Security Baseline for Windows 10 21H2, Redmond urges admins to toggle on Defender for Endpoint’s tamper protection feature to protect against human-operated ransomware attacks.

This feature does that by blocking attempts by ransomware operators or malware to disable OS security features and security solutions to gain easier access to sensitive data and deploy further malware or malicious tools.

Tamper protection automatically locks Microsoft Defender Antivirus using the default secure values, thwarting attempts to change them using the registry, PowerShell cmdlets, or group policies.

After enabling it, ransomware operators would have a considerably more challenging task when trying to:

  • Disable virus and threat protection
  • Disable real-time protection
  • Turnoff behavior monitoring
  • Disable antivirus (such as IOfficeAntivirus (IOAV))
  • Disable cloud-delivered protection
  • Remove security intelligence updates
  • Disable automatic actions on detected threats

PrintNightmare and Edge Legacy

With the new Windows 10 21H2 security baseline, Redmond removed all Microsoft Edge Legacy settings after its EdgeHTML-based web browser reached end of support in March.

“Going forward, please use the new Microsoft Edge (Chromium-based) baseline, which is on a separate release cadence and available as part of the Microsoft Security Compliance Toolkit,” Munck added.

Microsoft also added a new setting to the MS Security…

Source…

Microsoft Weekly: Android on Windows, WHQL-signed malware, and 21H2 builds

/in


Microsoft Weekly logo with an Android icon inside a Windows logo on the left and red padlocks on the

We’re at the end of the week, which means that it’s time to look at what happened in the world of Microsoft in the past few days. Windows 10 was primarily Microsoft’s focus in terms of new builds, but as we know, the upcoming version 21H2 build is just enablement package so don’t raise your expectations too much. More interestingly, Windows Subsystem for Android finally landed on preview builds of Windows 11. In the cybersecurity space, we also found out that Microsoft digitally signed a driver that was actually malware that can wreak havoc. Find out more about this in our weekly digest for October 17 – October 22.

Windows builds

Windows 10 logo with November 2021 Update written below it in blue

After giving Windows 11 all the attention for the past few weeks, Microsoft finally decided to give some love to Windows 10 too. The company released builds 19043.1319 and 19044.1319 for Insiders running version 21H1 or 21H2, respectively, in the Release Preview ring. Both builds have identical change logs, which makes sense because 21H2 is just an enablement package for 21H1 after all. Tons of bugs were squashed including those that affected subtitles from displaying on certain streaming sites or video playing apps. Enhancements were also made in the department of memory leaks and ransomware protections. You likely won’t notice any front-end enhancements if you install either of these builds though.

If you were thinking that build 19044.1319 will be the launch version of Windows 10 version 21H2 – when it eventually rolls out -, you’d be mistaken. Microsoft finally revealed that build 19044.1288 is a candidate build for that rollout and is now available for those on the Release Preview ring. The company has released ISOs too. The improvements offered in 19044.1319 will be provided in the next Patch Tuesday update. While a firm release date wasn’t disclosed, Microsoft referred to version 21H2 as the “November 2021 Update”, but also stated that out of the three noteworthy features promised for the update, a new Windows Hello for Business deployment method dubbed “cloud trust” won’t be ready for primetime. You can find out more about what to expect from Windows 10 November 2021 Update in our guide here.

Source…