Microsoft has announced the rollout of its latest major Windows 11 update, which brings a raft of features designed to provide customers with comprehensive security protection “by default”.
Back in April, as part of an event focused on the evolution of Windows in the hybrid working era, the company offered a peek at a number of security upgrades, spanning areas such as identity, patch management, malware protection and more.
With the arrival of the new version of Windows 11, these features will now come into effect, potentially alleviating a range of common headaches for IT professionals.
Windows 11 security updates
Although the latest Windows 11 update introduces a broad range of security tools, the headline addition is a feature called Smart App Control, a new AI-enabled system that stops users running malicious applications in Windows 11.
The feature leans on an AI model hosted in the Azure cloud (based on 43 trillion security signals collected by Microsoft daily) to assess the level of threat posed by an executable. If the threat level is high, the application will not be allowed to run.
Microsoft says Smart App Control will be particularly useful for smaller organizations, which do not benefit from the luxury of an extensive IT department capable of building out and enforcing application usage policies.
Separately, Windows 11 users will benefit from new protections designed to shield against risk posed by vulnerable drivers, a common target for malware authors by virtue of the level of privilege given to the Windows kernel.
Following the Windows 11 2022 update, drivers that feature on the vulnerable driver list maintained by Microsoft will now be blocked by default, and new measures that lean on virtualization-based security will also prevent attacks that modify kernel mode code.
The final group of updates revolves around access management and identity theft protection. Specifically, Microsoft has taken steps to make it easier for businesses to adopt passwordless authentication via Windows Hello, stop employees engaging with compromised apps and websites, and protect against advanced credential theft techniques.
“Windows 11 was designed from the start to be the most secure Windows operating system yet. From the chip to the cloud, our aim is to keep the digital workforce and organizational data safe, regardless of where people work,” said Wangui McKelvey, GM of Microsoft 365.
“New Windows 11 PCs come with robust security features turned on by default, based on close integration of hardware and Windows. We’re thrilled to hear that so many of you are adopting Windows 11 to ensure the best protection against evolving threats and using it within the Zero Trust framework to protect your people and your business.”