Windows 11 Security — Our Hacker-in-Chief Runs Attacks and Shows Solutions

Published Oct 05 2021 07:02 AM 9,831 Views
Contributor

Stay ahead of external and internal threats — and balance performance, reliability, and security with Windows 11. Dave Weston, Windows security expert, joins Jeremy Chapman to share the rationale behind hardware requirements and how they provide significantly more protection against today’s most sophisticated malware and attacks.

 

Cyber attacks are at an all-time high. Many of the optional or high-end security controls from Windows 10 are now on by default and required on new machines with Windows 11. The Zero Trust security model is baked into Windows 11, from the silicon on the board itself, to the actual boot process, your login as a user, and the apps you use in your Windows session every day.

- See the sites that hackers use, and find out if your organization is exposed.
- Protect Windows from remote and in-person attacks with Virtualization-based Security.
- UEFI, Secure Boot and Trusted Boot stop rootkits or bootkits.
- Secure encryption keys, user credentials, and sensitive data behind a hardware barrier. Windows 11 requires TPM 2.0 on new installs by default.

QUICK LINKS:

01:36 — Demo attack: Remote (https://www.youtube.com/watch?v=tg9QUrnVFho&t=96s)
06:05 — Demo attack: In person (https://www.youtube.com/watch?v=tg9QUrnVFho&t=365s)
08:01 — Virtualization-based Security (https://www.youtube.com/watch?v=tg9QUrnVFho&t=481s)
11:06 — Trusted Platform Module (TPM) (https://www.youtube.com/watch?v=tg9QUrnVFho&t=666s)
12:08 — UEFI, Secure Boot, and Trusted Boot (https://www.youtube.com/watch?v=tg9QUrnVFho&t=728s)
14:27 — Proof it works (https://www.youtube.com/watch?v=tg9QUrnVFho&t=867s)
15:37 — Wrap up (https://www.youtube.com/watch?v=tg9QUrnVFho&t=937s)

Link References:

To switch from MBR to GPT, check out our show at https://aka.ms/MechanicsMBR2GPT
Check to see if your organization is exposed on https://Shodan.io

Unfamiliar with Microsoft Mechanics?

We are Microsoft’s official video series for IT. You can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.

- Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries?sub_confirmation=1
- Join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
- Watch or listen via podcast here: https://microsoftmechanics.libsyn.com/website

Keep getting this insider knowledge, join us on social:

- Follow us on Twitter: https://twitter.com/MSFTMechanics
- Follow us on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/

Video Transcript:

- Up next on Microsoft Mechanics, I’m joined once again by hacker-in-chief and Windows security expert, Dave Weston, to go deep on Windows 11 security and the rationale behind hardware requirements for implementing the highest default security baseline to date, and how this provides significantly more protection against today’s most sophisticated malware and attacks. So Dave, you famously founded the Red Team of professional hackers at Microsoft, and it’s really your team’s job to stay ahead of external threats that might compromise Windows. So the new system requirements with Windows 11 were a surprise, I think, to many of us. Now those balance performance, reliability, as well as security.

- They do. The approach we’ve taken is an evolution of what we’ve been doing for a while. Many of the optional or high-end security controls from Windows 10 are now on by default and required on new machines shipping with Windows 11. This is critical because cyber attacks are at an all-time high and getting more and more sophisticated. So things have really shifted from attacking for bragging rights to big business, and enough’s enough, really. A lot of what you’re seeing in Windows 11 is what we defined as a secured-core PC back in 2019 with our then-new device security requirements to protect against targeted firmware attacks. And this outlined a number of new protections against modern threats. It has the Zero Trust security model baked in with layered security, from the silicon on the board itself, to the actual boot process, your login as a user, and the apps that you use in your Windows session every day.

- And one of my favorite parts of having you on the show is making all of this real and showing the attacks in action for real, and also how you would stop them in the new version of Windows.

- Today I have a few different attacks I’ll walk you through, and we’ll start by showing them succeeding, then I’ll break down each protection that we put in place to stop them, and then I’ll prove to you that they all work. For the first one, I’m going to demonstrate an attack on a Windows 10 machine without a TPM or Secure Boot enabled. I’ll start by getting into the process that a hacker would take. There’s a website here called Shodan.io that people use to identify vulnerable machines connected to the internet. Things like web-facing RDP ports, such as 3389, that are open, etc. If you don’t know about this site, it’s actually a really good idea to check it out and see if your organization is exposed. A lot of people have turned to RDP to enable remote work in the last year, I know I have. Of course, this can always be secured and locked down, but I’m going to show you the potential consequences if that hasn’t been done. So here, let’s start by going to Shodan.io and I’ll search for Fabrikam as an organization with port 3389 in the US. And I can see that the Fabrikam domain is in fact a machine online with an open RDP port. So we can even see with the thumbnail of the login, which specific usernames have console access. So now I’m going to switch over to my Kali Linux terminal that I pulled down from the Microsoft store and is running on Windows Subsystem for Linux. So now I’m going to try to brute force log in to this VM in the cloud, I’m going to try to brute force it with a tool used for pen testing from the Kali Linux distro. So I’ll actually run it, the tool, with a password file that has the most common passwords that we’ve seen from leaked databases or ones that you might’ve seen on sites like haveibeenpwnd.com. This one just uses the most common passwords, but there are sites like dehashed.com where you can search for a specific text stream for domain or email accounts and increase your efficiency on brute forcing. Anytime you’re brute forcing, it can take between minutes, hours, or days, and that’s going to fully depend on the configuration, if there’s a lock-out policy and password complexity, but because this is a simulation, just to save time, I’ll let it run for a few seconds. So now I’m running it and we can see right here that there’s my password in plain text, and there’s an admin account along with the username and IP. So if I just go ahead and plug these in to the RDP client, I’ve already set the IP, I’ve set the username, and of course I’m running this super high-resolution laptop, so let’s make sure we can see everything, and now I’ll input the password that we just brute forced. And that’s it. Now it connects and you can see that I’m the admin on this machine and I can pretty much do whatever I want now, I’m in full control of it.

- I gotta say, it’s really crazy seeing how many machines are just on the site; all the details about the login user accounts, with RDP open to the web.

- What’s even crazier is that I’m in a physical machine that was open to the internet. RDP is one of the most common attack vectors for ransomware, and it’s also still running old school Master Boot Record or MBR, no UEFI. There’s a TPM there, but it’s disabled. So let’s just look at how vulnerable this machine is. So an easy way to do that is to pull up MSINFO. And now I have it open here. You can see that the BIOS mode is actually in legacy, which means secure boot is unsupported. Now I can actually make any of the modifications I want with full elevation, as the machine admin. So for example, if I want to install a rootkit or a bootkit to undermine the system, I can. In fact, I’ve opened the prompt as an administrator here, and I’ve stored an EXE on my desktop. I’ll change directories there, and then I’ll run this tool I’ve created called MBRrewritetool.exe. This has a malicious payload, it’ll make changes directly to this legacy boot record. So I’ll just type in yes, and then the program initiates an immediate shutdown. Just give that a second. So now Jeremy, why don’t you go ahead and reboot your machine to see what happens?

- Hold on. You did that to my machine? I wasn’t even looking, it’s shut down. Okay. So, I’m going to turn on my PC in this case. So let me go ahead and power it up. It looks like PXE is still working, that’s a good thing just in case all else goes wrong. And it looks like there’s some ASCII art there, and it looks like you want me to pay you.

- I do. Pay up, Jeremy. So as it says, you need to pay up, and you’ve got to send me some cryptocurrency and then I’ll fix your machine up for you.

- All right, I’ll get right on that. As we all know, by the way, rewriting the master boot record, it’s pretty bad. Even if you can boot into WinPE or WinRE and try to fix it, there’s no guarantee that the primary partition is still recoverable.

- That’s right. And this is similar to the NotPetya attack you might’ve seen a few years ago. I could have easily encrypted your hard drive, and I’ll show you in just a second how this is addressed with Windows 11 default protections. But for now, let me show you another cool attack. This time it’s going to be related to biometric log on. So I’m on a machine without virtualization-based security or enhanced sign-in security turned on. So let me log in here. I’m going to try my finger. And because this isn’t my PC, you’ll see that my fingerprint didn’t work to let me log in. This is fully expected. Now for the next part of the demo, we’ve actually fully disabled virtualization-based security on this machine, and even though VBS is on by default for new machines running Windows 11, I also have a direct memory access device here called a PCI leech. And I’m going to use this to access what’s in memory on this victim machine, from my attacker machine and I’m going to use that to modify the biometric authentication code for fingerprints. So I’m actually going to connect over Thunderbolt, just make sure that’s all plugged in here. And once I do that, I’m going to run an exploit that allows me to modify the authentication code. So here on my other machine, code named Gambino, I’ll run \dma_unlock.exe. And that’ll just take a second and you’ll see that there’s a patch written to the biometric code, which was fully successful. Now, I’ll try to log in again. This time I could use my finger, but why don’t we do something cooler? So I have got one of my favorite things here, a pack of gummy bears. So I’m actually just going to open this up. And first things first, I’m going to have a gummy bear to power up a bit, and then I’m going to take this red gummy bear, and I’m going to try to log in with it. So this should work with any capacitive object. I’m a gummy bear fan, so I’m going to try that. So we’re going to go ahead and just rub that on here. And voila! You can see that we can log in with a gummy bear and that since this account is a local admin, I’m back in control of it. I can do whatever I want with this machine, I fully own it. So I’ve shown both a remote attack, as well as an in-person physical attack, and both of these have better protections in Windows 11.

- Okay, so what can we do then in Windows 11 to stop these types of attacks, and what technologies then come into play?
%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E-%20So%20we%E2%80%99ll%20start%20with%20the%20attack%20we%20just%20saw%2C%20and%20after%20that%2C%20I%E2%80%99ll%20fix%20up%20the%20attack%20where%20I%20modified%20your%20MBR.%20Because%20the%20fingerprint%20authentication%20hack%20was%20against%20memory%2C%20this%20is%20where%20virtualization-based%20security%20or%20VBS%20comes%20in.%20So%20if%20you%20think%20about%20the%20DMA%20device%20here%2C%20which%20allowed%20me%20to%20bypass%20the%20biometrics%2C%20it%20actually%20needs%20to%20modify%20system%20files%20in%20memory%20to%20work%20over%20its%20Thunderbolt%20connection.%20With%20VBS%20enabled%20this%20can%E2%80%99t%20happen%2C%20because%20VBS%20separates%20the%20things%20we%20really%20need%20to%20protect%20from%20the%20running%20OS%20session.%20Things%20like%20encryption%20keys%2C%20signatures%2C%20and%20code%2C%20are%20locked%20down%20in%20an%20isolated%20region%20of%20memory%20that%E2%80%99s%20completely%20separated%20by%20hardware%20from%20the%20operating%20system.%20So%20here%2C%20hypervisor-enforced%20code%20integrity%2C%20or%20HVCI%2C%20manages%20code%20integrity%20policy%20enforcement.%20It%E2%80%99ll%20check%20signatures%20of%20drivers%20or%20system%20files%2C%20and%20when%20signatures%20don%E2%80%99t%20match%2C%20they%20won%E2%80%99t%20get%20loaded%20into%20system%20memory%20and%20most%20importantly%2C%20you%20cannot%20modify%20code%20that%20runs%20into%20VBS%20enclave.%20So%20first%2C%20let%20me%20show%20you%20how%20to%20enable%20enhanced%20sign-in%20security%20for%20Biometrics.%20I%E2%80%99m%20in%20a%20PowerShell%20ISE%20here%2C%20and%20I%E2%80%99m%20going%20to%20add%20this%20reg%20key%20to%20my%20device%20gua
rd%20settings%2C%20under%20scenarios%20and%20secure%20biometrics.%20Now%20I%E2%80%99ll%20query%20the%20key%20just%20to%20make%20sure%20it%E2%80%99s%20enabled%20and%20see%20if%20it%20looks%20good.%20For%20the%20setting%20to%20take%2C%20I%20need%20to%20reboot%20the%20machine.%20So%20since%20I%E2%80%99m%20already%20in%20PowerShell%2C%20I%E2%80%99m%20just%20going%20to%20run%20a%20shutdown%20command.%20And%20now%20I%20just%20to%20need%20to%20wait%20a%20second%20for%20this%20reboot.%20And%20once%20I%E2%80%99m%20back%20in%20Windows%2C%20I%E2%80%99ll%20open%20up%20PowerShell%20again%2C%20and%20make%20sure%20our%20key%20is%20enabled.%20Okay%2C%20so%20there%E2%80%99s%20my%20registry%20query%2C%20I%E2%80%99ll%20re-run%20it%2C%20and%20it%E2%80%99s%20still%20on.%20And%20importantly%2C%20it%20was%20on%20during%20the%20reboot%2C%20so%20that%20stayed%20on.%20So%20now%20let%20me%20just%20pop%20into%20the%20start%20menu%20and%20I%E2%80%99ll%20hop%20into%20the%20event%20viewer.%20Now%20I%20just%20need%20to%20find%20the%20Biometric%20events.%20So%20I%E2%80%99ll%20jump%20in%20the%20application%20and%20services%20logs%2C%20now%20Microsoft%20and%20Windows%2C%20cue%20the%20Jeopardy%20music.%20I%20just%20need%20to%20find%20Biometrics.%20And%20now%20in%20operations%2C%20I%20can%20see%20there%E2%80%99s%20a%20couple%20of%20events%2C%20and%20I%E2%80%99ll%20click%20the%20first%20verbose%20one.%20So%20you%20can%20see%20from%20this%20event%20data%20that%20my%20fingerprint%20sensor%20is%20now%20fully%20isolated%20in%20a%20virtual%20secure%20mode%20process.%20It%20wasn%E2%80%99t%20before%20I%20changed%20the%20registry%20key%20and%20rebooted%2C%20but%20now%20it%20is.%20So%20I%E2%80%99ll%20just%20go%20ahead%20and%20minimize%20the%20event%20viewer.%20I%E2%80%99ll%20open%20start%20again.%20And%20I%E2%80%99ll%20go%20back%20to%20our%20handy%20dandy%20MSINFO.%20And%20with%20MSINFO%2C%20you%E2%80%99ll%20see%20that%20virtualization-based%20security%20is%20actually%20now%20running%20on%20this%20machine%2C%20w
hich%20is%20great.%20So%20now%20I%E2%80%99ll%20just%20lock%20this%20machine%20with%20Windows%20L%20and%20I%E2%80%99m%20going%20to%20try%20the%20same%20attack%20again.%20So%20I%E2%80%99ll%20get%20my%20DMA%20device%20hooked%20up%2C%20my%20PCI%20leech.%20So%20now%20that%20that%E2%80%99s%20hooked%20up%2C%20we%20will%20try%20to%20run%20the%20DMA%20unlock.%20So%2C%20go%20here%2C%20run%20that%20again.%20And%20you%E2%80%99ll%20see%20that%20this%20now%20fails%20with%20a%20memory%20access%20violation%20while%20it%20was%20trying%20to%20patch%20the%20DLL%2C%20because%20that%20DLL%20is%20now%20running%20in%20a%20fully-protected%2C%20segmented%20area%20of%20memory.%20And%20just%20to%20prove%20it%2C%20I%20won%E2%80%99t%20do%20the%20gummy%20bear%20this%20time%2C%20but%20I%E2%80%99m%20going%20to%20try%20to%20log%20in%20with%20my%20actual%20finger.%20It%E2%80%99ll%20actually%20prompt%20me%20to%20use%20the%20fingerprint%2C%20and%20you%20can%20see%20it%E2%80%99s%20blocked.%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E-%20Okay%2C%20so%20this%20in%20this%20case%2C%20uses%20a%20secure%20enclave%20and%20memory%20to%20block%20any%20code%20modification%2C%20but%2C%20is%20there%20anything%20else%20going%20on%20then%20under%20the%20covers%3F%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%
20hc%22%20data-selectable-paragraph%3D%22%22%3E-%20Yeah%2C%20the%20protections%20go%20all%20the%20way%20down%20to%20the%20silicon%20level.%20Once%20the%20enhanced%20sign-in%20security%20is%20enabled%2C%20the%20key%20that%20is%20used%20in%20lieu%20of%20your%20password%20is%20actually%20stored%20in%20the%20TPM%20or%20Trusted%20Platform%20Module.%20If%20you%E2%80%99re%20not%20familiar%20with%20TPMs%2C%20these%20are%20physical%20or%20virtual%20chips%20that%20are%20on%20your%20PC%E2%80%99s%20motherboard%20or%20in%20the%20processor.%20Their%20purpose%20is%20to%20protect%20encryption%20keys%2C%20user%20credentials%2C%20and%20other%20sensitive%20data%20behind%20a%20hardware%20barrier%2C%20so%20that%20malware%20and%20attackers%20can%E2%80%99t%20access%20or%20tamper%20with%20that%20data.%20With%20Windows%2011%2C%20we%E2%80%99re%20requiring%20TPM%202.0%20on%20new%20installs%20by%20default.%20Most%20computers%20built%20over%20the%20last%20five%20years%20come%20with%20this%2C%20sometimes%20the%20TPM%20chip%20has%20been%20turned%20off%20in%20the%20firmware%20and%20it%E2%80%99ll%20just%20need%20you%20to%20enable%20it%20in%20your%20firmware%20bios%20to%20get%20the%20protections%20from%20it%20and%20install%20Windows%2011.%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E-%20And%20by%20the%20way%2C%20one%20tip%20here%2C%20the%20TPM%20chip%20on%20your%20firmware%2C%20it%20can%20be%20also%20referred%20to%20as%2C%20IPTT%20on%20an%20Intel%20system%2C%20or%20fTPM%20on%20PCs%20with%20AMD%20chipsets.%20So%2C%20why%20don%E2%80%99t%20we%20move%20back%20to%20my%20machine%20here%2C%20it%E2%80%99s%20bricked%20right%20now%2
C%20it%E2%80%99s%20in%20ransomed%20state.%20So%2C%20how%20would%20Windows%2011%20protect%20something%20like%20this%3F%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E-%20Sorry%20about%20that%2C%20Jeremy%2C%20but%20it%20was%20for%20a%20good%20cause%20I%20assure%20you.%20So%20this%20is%20where%20UEFI%2C%20Secure%20Boot%20and%20Trusted%20Boot%20come%20in.%20I%E2%80%99m%20not%20going%20to%20cover%20the%20ways%20to%20make%20my%20initial%20remote%20attack%20vector%20over%20RDP%20more%20secure.%20That%20would%20be%20a%20great%20future%20Mechanics.%20But%20if%20a%20machine%20is%20compromised%2C%20we%20can%20help%20you%20minimize%20the%20damage.%20Windows%2011%20will%20stop%20these%20type%20of%20attacks%20out-of-the-box%20because%20we%E2%80%99re%20using%20Secure%20Boot%20and%20Trusted%20Boot%2C%20which%20use%20both%20the%20required%20UEFI%20and%20TPM%20hardware.%20Secure%20Boot%20and%20Trusted%20Boot%20stop%20rootkits%20or%20bootkits%20that%20attempt%20to%20modify%20your%20early%20boot%20files.%20So%20Jeremy%2C%20why%20don%E2%80%99t%20you%20try%20enabling%20Secure%20Boot%3F%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E-%20Sounds%20good%2C%20I%20want%20to%20get%20this%20thing%20fixed.%20So%2C%20now%20I%E2%80%99m%20going%20to%
20boot%20into%20firmware%20settings%20with%20my%20F%20key%2C%20and%20I%E2%80%99m%20going%20to%20go%20ahead%20and%20enable%20Secure%20Boot.%20And%20while%20I%E2%80%99m%20in%20here%2C%20I%E2%80%99m%20going%20to%20see%20that%20it%20fails.%20And%20that%E2%80%99s%20by%20design%2C%20by%20the%20way%2C%20don%E2%80%99t%20worry%20about%20that.%20That%E2%80%99s%20intentional%2C%20because%20for%20Secure%20Boot%20to%20work%2C%20I%20actually%20need%20to%20disable%20legacy%20ROM%20options%20in%20this%20case.%20So%20now%20I%20can%20enable%20Secure%20Boot.%20Once%20I%E2%80%99ve%20done%20that%20and%20hit%20Apply%2C%20and%20this%20system%20now%20requires%20that%20it%E2%80%99s%20booted%20with%20UEFI%20and%20also%20Secure%20Boot%20in%20order%20to%20work.%20So%2C%20now%20that%20I%20have%20UEFI%20and%20Secure%20Boot%20and%20Trusted%20Boot%20enabled%2C%20how%20exactly%20does%20that%20protect%20my%20machine%20from%20future%20attacks%3F%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E-%20So%20UEFI%20by%20itself%20actually%20adds%20more%20security%20to%20the%20boot%20sequence.%20Rootkit%20and%20bootkit%20attacks%20typically%20try%20to%20inject%20malicious%20code%20very%20early%20in%20the%20boot%20sequence%20so%20they%20can%20run%20undetected%20before%20your%20protection%20software%20loads%20up.%20UEFI%20has%20security%20baked%20in%20the%20initial%20phases%20of%20the%20boot%20process%2C%20and%20it%20works%20hand-in-hand%20with%20our%20boot%20validation%20processes%20from%20Windows%20to%20stop%20rootkits%20and%20bootkits.%20When%20you%20boot%20a%20system%20before%20handing%20off%20to%20the%20OS%2C%20Secure%20Boot%20then%
20checks%20the%20boot%20loader%E2%80%99s%20digital%20signature%20against%20keys%20configured%20by%20your%20OEM%20to%20make%20sure%20it%20hasn%E2%80%99t%20been%20modified.%20Then%20Trusted%20Boot%20takes%20over%20to%20check%20the%20kernel%20and%20other%20boot-critical%20components%20and%20record%20the%20information%20to%20the%20TPM%20that%20is%20used%20by%20measured%20boot.%20The%20TPM%20stores%20audit%20logs%20when%20using%20measured%20boot%20that%20can%20be%20measured%20against%20known%20healthy%20boot%20logs%20on%20a%20local%20server%2C%20or%20even%20against%20the%20Intune%20service%20for%20Zero%20Trust%20scenarios.%20And%20if%20everything%20checks%20out%2C%20Windows%20will%20boot.%20If%20not%2C%20we%E2%80%99ll%20catch%20it%20and%20either%20enforce%20it%20with%20things%20like%20conditional%20access%2C%20or%20we%E2%80%99ll%20put%20the%20machine%20into%20BitLocker%20recovery%20and%20you%20can%20recover%20that%20the%20next%20time%20you%20boot.%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E-%20Okay%2C%20so%20now%20we%20know%20how%20it%20works%20under%20the%20covers%2C%20but%20can%20you%20prove%20here%20in%20this%20case%20that%20it%20works%3F%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E-%20Sure.%20So%20I%E2%80%99m%2
0in%20Windows%2011.%20I%E2%80%99m%20logged%20in%20as%20a%20local%20administrator.%20So%20my%20PowerShell%20script%20here%20is%20going%20to%20attempt%20to%20copy%20in%20a%20new%20EFI%20boot%20file%20to%20the%20S%3A%5C%20drive%20I%E2%80%99ve%20just%20mounted.%20Then%20I%E2%80%99m%20going%20to%20write%20the%20Bootmgr%20in%20order%20to%20boot%20into%20a%20ransomware%20environment%2C%20which%20has%20that%20beautiful%20piece%20of%20ASCI%20art%20and%20payment%20request%20you%20saw%20on%20Jeremy%E2%80%99s%20machine%20earlier.%20But%20now%20because%20I%20have%20Secure%20Boot%20and%20Trusted%20Boot%20enabled%2C%20this%20won%E2%80%99t%20matter%20and%20the%20attack%20will%20be%20defeated.%20So%20I%E2%80%99m%20going%20to%20restart%20this%20Windows%2011%20machine%20with%20those%20files%20in%20place.%20And%20under%20the%20covers%2C%20it%E2%80%99s%20going%20to%20reject%20the%20changes%20that%20were%20made%20to%20the%20boot%20files.%20It%E2%80%99s%20going%20to%20take%20me%20to%20the%20normal%20login%20for%20Windows%2011.%20So%20the%20threat%20was%20automatically%20neutralized%20as%20part%20of%20the%20Secure%20Boot%20and%20Trusted%20Boot%20processes.%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E-%20Cool%2C%20so%20that%20really%20helps%20explain%20the%20TPM%20and%20virtualization-based%20security%2C%20UEFI%20and%20Secure%20Boot%20requirements%2C%20but%20did%20those%20capabilities%20also%20play%20a%20role%20into%20the%20system%20requirements%20for%20the%20newer%20Intel%20and%20AMD%20Ryzen%20chipsets%3F%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%2
0jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E-%20They%20do.%20So%20while%20earlier%20processors%20might%E2%80%99ve%20supported%20VBS%20and%20HVCI%20for%20the%20best%20experience%2C%20the%20newer%20processors%20have%20much%20better%20performance%20running%20the%20required%20virtualization.%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E-%20And%20that%20makes%20a%20lot%20of%20sense.%20You%20know%2C%20we%20need%20all%20the%20security%20we%20can%20get%2C%20but%20we%20don%E2%80%99t%20want%20that%20at%20the%20cost%20of%20lowering%20performance.%20And%20these%20attacks%20really%20show%20what%20TPMs%20and%20virtualization-based%20security%20really%20bring%20to%20the%20table.%20So%2C%20how%20do%20you%20recommend%20people%20learn%20more%20about%20this%20and%20get%20started%20with%20these%20protections%3F%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E-%20First%2C%20try%20Windows%2011%20now%20in%20preview%20and%20upgrade%20to%20it%20once%20it%20hits%20gener
al%20availability.%20Next%2C%20all%20the%20protections%20I%20showed%20today%20are%20optional%20capabilities%20in%20Windows%2010.%20So%20just%20turn%20them%20on%20to%20get%20better%20security.%20And%20for%20any%20new%20devices%20you%E2%80%99re%20buying%2C%20seriously%20look%20at%20our%20secured-core%20PCs%20from%20a%20vast%20number%20of%20OEMs.%20They%20have%20the%20most%20built-in%20protection%20and%20there%E2%80%99ll%20be%20ready%20for%20Windows%2011%20once%20you%E2%80%99re%20ready%20to%20upgrade.%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22iz%20ja%20gg%20jb%20b%20jc%20kv%20ig%20je%20jf%20kw%20ik%20jh%20ji%20kx%20jk%20jl%20jm%20ky%20jo%20jp%20jq%20kz%20js%20jt%20ju%20dn%20hc%22%20data-selectable-paragraph%3D%22%22%3E-%20All%20right%2C%20and%20there%E2%80%99s%20one%20more%20related%20tip.%20You%20know%2C%20if%20your%20PC%20meets%20the%20requirements%20for%20Windows%2011%20and%20is%20currently%20using%20a%20BIOS%20and%20Master%20Boot%20record%20or%20MBR%20partitioning%2C%20you%20can%20switch%20from%20MBR%20to%20GPT%20partitioning%20that%E2%80%99s%20needed%20for%20UEFI%20without%20reformatting%20your%20disk%20or%20reinstalling%20Windows%20from%20scratch.%20So%20just%20check%20out%20our%20show%20at%20aka.ms%2FMechanicsMBR2GPT%20to%20see%20how%20to%20do%20that.%20So%2C%20thank%20you%20so%20much%20Dave%2C%20also%20for%20answering%20all%20of%20our%20questions%20and%20for%20that%20insider%E2%80%99s%20perspective%20into%20Windows%2011%20hardware%20requirements.%20And%20be%20sure%20to%20keep%20watching%20Microsoft%20Mechanics%20for%20all%20the%20latest%20updates.%20Subscribe%20to%20our%20channel%20if%20you%20haven%E2%80%99t%20already%2C%20and%20as%20always%2C%20thanks%20so%20much%20for%20watching.%3C%2FP%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FSECTION%3E%3C%2FLINGO-BODY%3
E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2813193%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EStay%20ahead%20of%20external%20and%20internal%20threats%20%E2%80%94%20and%20balance%20performance%2C%20reliability%2C%20and%20security%20with%20Windows%2011.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2813193%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EWindows%2011%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Version history
Last update:
‎Oct 05 2021 07:02 AM
Updated by: