Microsoft is hoping that adoption of its latest version of Windows 11 will wipe out a popular technique for stealing credentials, thanks to the company's move to turn on certain security features by default in the operating system.
The Windows 11 2022 update is generally available today. Among the on-by-default security features in the new version of Windows 11 is Credential Guard, which protects against the theft of login and password data stored in Windows.
The technique for stealing login and password information is known as "credential dumping," and it's widely used by attackers ranging from ransomware operators to nation-state hackers. Credential dumping entails copying credentials from several different areas within Windows, often with the help of a software tool such as Mimikatz.
Organizations will automatically be protected against this tactic by updating to the latest Windows 11 version, as Credential Guard will be turned on by default for the first time, according to David Weston, vice president for enterprise and OS security at Microsoft.
Ultimately, the new Windows 11 update "eradicates the most common techniques from a credential-dumping standpoint," Weston told Protocol.
Illegitimate use of credentials is the largest source of data breaches by far, according to Verizon, which found that the use of credentials was responsible for 48% of breaches in 2021.
While Microsoft has offered Credential Guard as an optional feature since Windows 10, few organizations have used the feature because it wasn't on by default, Weston said.
For Microsoft to turn the feature on by default, the company had to ensure that the underlying technology used by Credential Guard, known as virtualization-based security, could run without delivering an outsized hit to PC performance, he said. Microsoft now feels confident that it's able to do that as part of the new version of Windows 11, according to Weston. (The ability to run virtualization-based security features by default was a main driver for the higher CPU requirements for Windows 11, Weston has said.)
Other security features will be on by default in the new Windows 11 version as well. Those include hypervisor-protected code integrity, which prevents the modification of Windows kernel code such as drivers (as occurred in the WannaCry attack), and another feature aimed at thwarting credential theft (credential isolation with Local Security Authority protection).
Meanwhile, Microsoft is also introducing features aimed at preventing malware (Smart App Control) and phishing (Microsoft Defender SmartScreen) in the latest Windows 11 update.
All in all, "I would say Windows 11 is substantially more secure than [Windows] 10 at this point, from a feature standpoint," Weston said. "I expect a lot of the momentum — particularly in commercial — for Windows 11 will be driven by security."
The successor to the Windows 10 operating system, Windows 11 was first introduced in October 2021. As of June, 23.1% of Windows PCs were running Windows 11, according to a report from AdDuplex.