Does anybody know if there's any new security features in Windows 11?

I don't count TPM or HVCI, as those features were in Windows 10.
This is a serious question; we already have TPM, HVCI, VBS etc., so I'm trying to figure out how to build a business case for Windows 11.

It launches soon so I'm guessing there's a webpage I'm missing.
I want to believe there's a ton of new security features in Windows 11 and MS have just not written them down in the marketing.
@getwired have you seen a security feature list anywhere for Win11?
Ned to the rescue. Lots of good stuff in this, assuming coming to Win 11 too.

More from @GossiTheDog

16 Sep
What may be a Chinese APT broke into one of my honeypot orgs with ProxyShell.

This will definitely be burning this honeypot, but in the public good. Hashes follow in thread. No analysis yet as busy with work.

Had a custom IIS module backdoor, Mgbot (UDP backdoor) etc.
17e9812fdecd88dd33e9a9ea5320e93f
82061bdfb4b3071ac43c97db103f980b (Mgbot config)
669c3cac24e1f5aaf69d2d8427255b18 (IIS tampering config)
a0560bd41f2b2d526587537254a0d1be (agent batch)
950e971d50d739e03bcf85ca768051b3 (Xwizards)
739d8c5947c03e796cc98a3076a789fc
C2, MG traffic

222.239.80.235 UDP port 25899
15 Sep
“I submitted this to secure@microsoft.com on the 22 May 2018, but received a response advising I raise an issue here”

👀
The OMS Agent GitHub is a maze of open security vulns; there are threads going back years unanswered.
If you talk to MS support about it they will tell you MS OMS isn’t supported, however several of their security products are built on it (and will auto install it on Azure).

They appear to have EOL’d their own security stack while requiring customers install it, which is bold.
14 Sep
Microsoft Azure silently installs management agents on your Linux VMs, which now have RCE and LPE vulns.

Microsoft don’t have an auto update mechanism, so now you need to manually upgrade the agents you didn’t know existed as you didn’t install them. wiz.io/blog/secret-ag…
Microsoft also need to fix this one. The OMSagent (Sentinel etc) has an LPE to root.
I would tend to take the view MS needs to fix this stuff as it is embarrassingly risky for customers.
7 Sep
This one is legit and is going to be worse than the Equation Editor CVEs (which make up almost all endpoint exploitation still), so strap in.
Microsoft’s guidance for this requires you to be running their AV and EDR tooling, directs you to definitions 1.349.22.0 which I suspect is a typo (they’re on .222), and says if you run Defender you do not need to take additional action. EDR in block mode isn’t default.
So if you’re on Microsoft EDR but not AV (actually a majority of customers, btw), nothing is blocked unless you set EDR to block mode.
6 Sep
There’s a good thread on ProtonMail here. When services say they don’t keep logs, laugh. Businesses are businesses and will business when the police turn up.
They comply with Swiss legal requests, which includes on VPN logs by the way.
They've published a blog: protonmail.com/blog/climate-a…

I think one thing it highlights is @ProtonMail have a blog about how brilliant Swiss laws are for privacy... but this case shoots holes throughout their marketing, as it was a climate change activist.
6 Sep
Exchange ProxyShell activity from 107.155.104.162 in the US, with follow on activity. Block. greynoise.io/viz/ip/107.155…
This tweet is sponsored by my cat tipping a glass of water on me at 4.40am, waking me up.
A majority of the malicious traffic continues to be from the US, Greynoise doing a good job at tagging. greynoise.io/viz/query/?gnq…