Microsoft Hints at Windows 11 Security Features to Thwart Firmware Attacks
Microsoft, the world’s second-largest company by market capitalization, has been hinting at a possible Windows 11 release in official and unofficial corporate communications for weeks. The news has come as a surprise to many in the industry because, around its release in 2015, Windows 10 was widely described (including by a Microsoft employee on stage at the time) as the last version of Windows. Six years later, it seems the software and cloud computing giant feels it is time for a refresh of the 35-year-old operating system. The announcement comes at a time when Windows is seeing increased competition from Google and its Chrome OS, and from Apple, whose Mac computers now run its own Arm-based M1 chips and boast longer battery life than comparable Intel-based PCs. Windows 10 has certainly endured the test of time: at six years old it has become one of the most popular Windows releases, runs on over 1.3 billion devices, and has outlived any of its predecessors.
At a Windows event in the second half of June, Microsoft hinted at an October release date for the new OS currently dubbed Windows 11. Industry insiders expect to see the new release around October 20th — in plenty of time for holiday sales. The release could also be accompanied by the release of new Surface devices. Microsoft has promised to deliver Windows 11 as “a free upgrade for eligible Windows 10 PCs and on new PCs beginning this holiday.”
In an effort to improve security and thwart firmware attacks, Windows 11 will require a TPM 2.0 (Trusted Platform Module) chip, both on new PCs and on existing PCs that want to take the free upgrade. According to David Weston, Director of Enterprise and OS Security at Microsoft,
“The Trusted Platform Module (TPM) is a chip that is either integrated into your PC’s motherboard or added separately into the CPU. Its purpose is to protect encryption keys, user credentials, and other sensitive data behind a hardware barrier so that malware and attackers can’t access or tamper with that data.”
Requiring a TPM is all about security. A TPM offers hardware-level protection for secrets instead of relying on software alone: keys are generated and used inside the chip and can be sealed to measurements of the boot chain, so a tampered bootloader or firmware cannot unlock them. Windows uses it to protect the disk encryption keys behind BitLocker, and the TPM’s built-in lockout (anti-hammering) throttles failed authorisation attempts, which is what defeats offline dictionary attacks against a TPM-protected PIN. TPM chips have shipped in PCs for well over a decade (TPM 2.0 has been required for Windows hardware certification since 2016), but they have typically only been used widely in IT-managed business laptops and desktops. Microsoft wants to bring that same level of protection to everyone using Windows. The move to requiring a TPM is a direct response to the increase in firmware attacks Microsoft has been seeing and reported on in its Security Signals report from March of this year. The report, based on interviews with 1,000 enterprise security decision-makers, showed that more than 80% of enterprises had experienced at least one firmware attack in the past two years, yet only 29% of security budgets were allocated to protecting firmware.
In the past year, Microsoft has made headlines as its products were caught up in high-profile attacks such as the SolarWinds supply-chain compromise (in which Microsoft was itself among the victims) and the Hafnium intrusions that exploited zero-day vulnerabilities in on-premises Microsoft Exchange servers. Obviously, Microsoft can’t force its customers to keep their software patched, but it’s clear the company is trying to be more proactive in pushing security where it can. A TPM on its own does not stop firmware from being tampered with; what it does is anchor Measured Boot, so that a modified boot chain changes the recorded measurements, can be caught by attestation, and can no longer unseal the BitLocker key, and it keeps credentials and keys out of reach of malware running in the OS. Microsoft is banking on that hardware root of trust, combined with modern CPUs, Secure Boot, and its set of virtualization-based protections, to really make a dent in ransomware going forward.
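The pieces the two preceding paragraphs describe (a TPM 2.0 with its dictionary-attack lockout, BitLocker sealed to it, Secure Boot, and virtualization-based security) can all be inspected from an elevated PowerShell session. The script below is an added example written for this article; it is not code from Microsoft or from the original page. It assumes Windows 10 or 11 with the in-box TrustedPlatformModule, SecureBoot and BitLocker modules, and the function name Get-RootOfTrustReport and the report field names are this example's own choices.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article or from Microsoft): a read-only readiness check for the
# hardware root-of-trust features Windows 11 depends on. Assumes an elevated PowerShell session
# on Windows 10/11 with the TrustedPlatformModule, SecureBoot and BitLocker modules available.

function Get-RootOfTrustReport {
    [CmdletBinding()]
    param(
        # Volume whose BitLocker key protectors are inspected (default: the OS drive).
        [string]$OsVolume = $env:SystemDrive
    )

    $report = [ordered]@{}

    # --- TPM: presence, spec version, and dictionary-attack (anti-hammering) lockout state ---
    $tpm = Get-Tpm
    $report.TpmPresent = $tpm.TpmPresent
    $report.TpmReady   = $tpm.TpmReady        # enabled, activated, owned and provisioned
    # Win32_Tpm exposes the spec version string, e.g. "2.0, 0, 1.38"; Windows 11 requires 2.0.
    $wmiTpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                              -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $report.TpmSpecVersion = if ($wmiTpm) { $wmiTpm.SpecVersion } else { 'n/a' }
    $report.TpmIs20        = [bool]($wmiTpm -and $wmiTpm.SpecVersion -like '2.0*')
    # LockedOut / LockoutCount reflect the TPM's own throttling of failed authorisation
    # attempts, the mechanism that makes a TPM-sealed BitLocker PIN resistant to guessing.
    $report.TpmLockedOut    = $tpm.LockedOut
    $report.TpmLockoutCount = $tpm.LockoutCount

    # --- Secure Boot: Confirm-SecureBootUEFI throws on legacy BIOS, returns $false if disabled ---
    try   { $report.SecureBoot = Confirm-SecureBootUEFI }
    catch { $report.SecureBoot = $false }   # not a UEFI system, or policy not queryable

    # --- Virtualization-based security: status 2 = running; services 1 = Credential Guard, 2 = HVCI ---
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $report.VbsRunning      = [bool]($dg -and $dg.VirtualizationBasedSecurityStatus -eq 2)
    $report.CredentialGuard = [bool]($dg -and $dg.SecurityServicesRunning -contains 1)
    $report.HvciRunning     = [bool]($dg -and $dg.SecurityServicesRunning -contains 2)

    # --- BitLocker: is the OS volume actually sealed to the TPM, and is a recovery key present? ---
    $vol   = Get-BitLockerVolume -MountPoint $OsVolume -ErrorAction SilentlyContinue
    $types = if ($vol) { @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() }) } else { @() }
    $report.BitLockerStatus   = if ($vol) { $vol.ProtectionStatus.ToString() } else { 'n/a' }
    # Tpm, TpmPin, TpmStartupKey and TpmPinStartupKey protectors are all bound to the chip.
    $report.BitLockerTpmBound = [bool]($types | Where-Object { $_ -like 'Tpm*' })
    $report.BitLockerRecovery = [bool]($types -contains 'RecoveryPassword')

    # Overall verdict: the hardware baseline the article says Windows 11 insists on.
    $report.MeetsBaseline = [bool]($report.TpmPresent -and $report.TpmIs20 -and $report.SecureBoot)
    [pscustomobject]$report
}

# Usage: print the report and flag the gaps an administrator would remediate.
$r = Get-RootOfTrustReport
$r | Format-List
if (-not $r.MeetsBaseline) {
    Write-Warning 'Windows 11 hardware security baseline not met (TPM 2.0 plus Secure Boot).'
}
if ($r.MeetsBaseline -and -not $r.BitLockerTpmBound) {
    Write-Warning 'A TPM is present but the OS volume is not sealed to it.'
}
if ($r.TpmLockedOut) {
    Write-Warning "TPM is in dictionary-attack lockout after $($r.TpmLockoutCount) failed attempts."
}
```

The report deliberately separates "the chip is there" (TpmPresent, TpmIs20) from "the platform actually uses it" (BitLockerTpmBound, VbsRunning, HvciRunning): a machine can satisfy the Windows 11 eligibility check while its disk is still unlocked by a plain password and its kernel runs without hypervisor-enforced code integrity. The lockout fields are worth watching in fleet telemetry, since a TPM that is repeatedly entering lockout is either being brute-forced or is fronting a boot configuration that keeps changing.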