Much has been written about the new security features in Windows 11, such as Virtualization-based Security (VBS) and Trusted Platform Module 2.0 (TPM 2.0). Much of that discussion has centered on Microsoft preventing devices without these features from upgrading to Windows 11.
That has caused controversy, mostly because of Microsoft's strict enforcement of these requirements. In fact, the company has made it clear that devices without these features that do update to Windows 11 will be locked out of feature updates and security patches.
Microsoft is now going on the defensive and highlighting why VBS and TPM 2.0 are valuable to the Windows 11 platform. It is worth remembering that both features also work on Windows 10, but Microsoft does not require them on the now-legacy platform.
David Weston, Partner Director of Enterprise and OS Security at Microsoft, has presented a video showing how TPM 2.0 and VBS prevent hackers from accessing machines. He highlights how, without these measures, it is easier for threat actors to bypass security on a PC.
In the video, Weston shows how hackers can target a device without TPM 2.0 and VBS through remote or local attacks. First, the video shows how it is possible to exploit a flaw in a Remote Desktop Protocol (RDP) port to gain admin access. From there, a threat actor could distribute malware or ransomware.
Of course, the above is for a Windows 10 machine without VBS and TPM 2.0.
It is worth watching the video, which also shows how local exploitation is possible by targeting fingerprint authentication when VBS is not available.
Tip of the day: To prevent attackers from capturing your password, Secure Sign-in asks the user to perform a physical action that activates the sign-in screen. In some cases, this is a dedicated “Windows Security” button, but the most common case in Windows 10 is the Ctrl+Alt+Del hotkey. In our tutorial, we show you how to activate this feature.
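As an added example (not from the article or from Microsoft), the following PowerShell audit reports whether the three controls discussed here, TPM 2.0, VBS and Secure Sign-in, are actually active on a machine. It assumes the standard Win32_Tpm and Win32_DeviceGuard WMI classes and the DisableCAD policy value; the function name Get-Win11SecurityPosture is our own.

```powershell
# Added audit snippet (not from the article): report the state of TPM 2.0, VBS and
# Secure Sign-in on this machine. Run from an elevated PowerShell on Windows 10/11.
function Get-Win11SecurityPosture {
    $result = [ordered]@{}

    # TPM: Win32_Tpm.SpecVersion reads like "2.0, 0, 1.59"; the first field is the spec version.
    $tpm = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if ($tpm) {
        $specMajor = ($tpm.SpecVersion -split ',')[0].Trim()
        $result['TpmPresent'] = $true
        $result['TpmVersion'] = $specMajor
        $result['Tpm20']      = ($specMajor -eq '2.0')
    } else {
        $result['TpmPresent'] = $false
        $result['TpmVersion'] = $null
        $result['Tpm20']      = $false
    }

    # VBS: VirtualizationBasedSecurityStatus is 0 = off, 1 = enabled but not running, 2 = running.
    # SecurityServicesRunning lists the VBS-backed services that are up (1 = Credential Guard, 2 = HVCI).
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $result['VbsRunning']      = [bool]($dg -and $dg.VirtualizationBasedSecurityStatus -eq 2)
    $result['CredentialGuard'] = [bool]($dg -and ($dg.SecurityServicesRunning -contains 1))
    $result['Hvci']            = [bool]($dg -and ($dg.SecurityServicesRunning -contains 2))

    # Secure Sign-in: DisableCAD = 0 forces Ctrl+Alt+Del before the logon screen is shown.
    # A missing value is treated as "not explicitly enforced" (the effective default depends on domain membership).
    $pol = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name DisableCAD -ErrorAction SilentlyContinue
    $result['SecureSignIn'] = ($null -ne $pol -and $pol.DisableCAD -eq 0)

    [pscustomobject]$result
}

$posture = Get-Win11SecurityPosture
$posture | Format-List
if (-not ($posture.Tpm20 -and $posture.VbsRunning -and $posture.SecureSignIn)) {
    Write-Warning 'One or more of TPM 2.0, VBS or Secure Sign-in is not active on this machine.'
}
```

On a machine that meets the Windows 11 baseline, Tpm20 and VbsRunning are both True; the SecureSignIn field shows whether the Ctrl+Alt+Del requirement from the tip above has been applied.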