Windows 10 received the final version of the 21H2 update
Microsoft has placed the final version of the security configuration for Windows 10 within the 21H2 version of the update, also known as "November 2021 Update". The final version is available through the Microsoft Compliance Security Toolkit, a toolkit that allows enterprise security administrators to download, analyze, test, edit, and store security configuration templates for Windows and other Microsoft products.
Microsoft Security Advisor Rick Munck noted that this update brings several new settings with which to edit security protocols on Windows.
One part of the security configuration within the 21H2 update edged the problem of installation restrictions for drivers on individual printers, which is known under the name kb5005010.
Microsoft's security changes have also addressed Microsoft Edge Legacy, which is an Edge-HTML browser, i.e. an Edge-HTML browser. It is an earlier version of the popular Microsoft browser for which support stopped in early April 2021. It was replaced by the new Chromium-based Microsoft Edge, which has been available since January 2020.
Because Microsoft Edge Legacy is no longer part of the Windows 10 21H2 version, the settings that supported it have been removed from the system.
The main change to the 21H2 version of windows updates is aimed at ransomware protection operated by a third party and is mostly intended for companies as users who have built business systems.
Ransomware is malicious code that blocks access to a computer and requires payment of a certain ransom. There are various forms of ransomware and the big problem with it is the inability to track and identify the perpetrator.
There are two main categories of ransomware that can be reduced to situations when the basic functions of a computer are infected and when individual files are placed under encryption.
The most common way to infect ransomware is to open an infected attachment in an email or click on an infected link. In many situations, the user needs to be deceived by presenting infected messages or links as if they came from a reputable company or institution.
This form of malware attack is constantly being modified and antiviruses tend to have trouble identifying it. Some of the pre-work that can be recommended within companies is the following:
- perform regular data backup
- ensuring backup that is not available for modification or deletion
- use of the security software and its regular update
- practicing safe internet surfing
- using secure networks and avoiding public Wi-Fi networks
- informing about the latest ransomware threats
- conducting shorter educations and training among users of the business system to raise awareness of ransomware attacks.
As already mentioned, the highlight of the new Windows 10 update is ransomware protection, which is combined in an add-on called "Tamper protection" and builds on the Microsoft Defender activity.
"Tamper protection" is available on devices that have the following versions of Windows:
- windows 10
- windows 11
- Windows 10 Enterprise Multi-Session
- Windows 11 Enterprise Multi-Session
- Windows Server 2019
- Windows Server 2022
- Windows Server, version 1803 or later
- Windows Server 2016
- Windows Server 2012 R2.
This plugin is related to Microsoft Endpoint, which helps track computer security and is a feature that blocks ransomware (and other malware) fraud attempts by preventing easy access to security and operating system solutions where sensitive data and security tools are often found.
"Tamper Protection" automatically locks the Microsoft Defender antivirus using the default security values, thereby disabling attempts to change them through Registry (hierarchical settings database), PowerShell (used to automate system management), or Group Policy (a feature that contains various advanced settings, mostly for network administrators).
Once "Tamper protection" is enabled, it will be more challenging for the people behind the ransomware to:
- disable protection against viruses and other malware threats
- disable real-time protection
- turn off monitoring of software and application behavior within the operating system
- disable the antivirus interface (e.g.IOfficeAntivirus)
- disable cloud-forwarded protection
- remove security updates
- prevent automatic reactions to identified threats.
It is very important to say that the integrity of the system with these changes will not be violated.
Many forms of ransomware seek, once given access to the computer's operating system, to change the security settings. What may be the first goal of infiltrated ransomware as harmful software is to prevent antivirus from working and to spot a threat on your computer. In these cases, the situation is often lost because ransomware has not been detected, and the only software that could prevent its attack has been disabled due to changed settings and automatic protection of the operating system has been removed.
With "Tamper Protection" as a protection add-on, the Microsoft Defender antivirus is automatically blocked, preventing it from modifying its functions and settings through Registry, PowerShell, or Group Policy.
Blocking ransomware attempts for change will not allow security settings to be disabled with the aim of making sensitive data easier to obtain and to resume the process of additional malware and other malicious tools installations at a time.
Microsoft has shown with the 21H2 version of the Windows 10 update (and other versions of the operating system) that Windows 11 is not currently its only priority. Security settings will form the basis of updates for Windows 10 in the coming years Microsoft support and users can be sure that their operating system will receive constant security patches.
"Tamper protection" is a very useful plugin for computer security and is specifically intended to maintain security within business systems because ransomware attacks are often directed at companies and corporations that use highly sensitive data in business. Since these legal entities often have more financial resources in their accounts, compromising their data can be a common goal of harmful software such as ransomware because of the possibility of demanding a ransom.