Windows 11 was released on October 5, 2021. It has several new installation requirements including, most notably, Secure Boot and a Trusted Platform Module (TPM). These features can provide a more secure computing environment, but if you need to virtualize a Windows 11 environment, you will need virtualization software that supports them.
Although I would normally install a new Windows OS in ESX, I installed Windows 11 using VMware Workstation, which has support for Secure Boot and a TPM. Windows 11 installed without an issue, and after booting, the most notable change was the GUI, which is not terrible. However, it was the items that did not change that caught my eye. These items have been known to change with newer versions of Windows. VERT uses some of these indicators to accurately detect the versions of Windows. With these indicators not being updated, VERT will need to find additional methods to accurately detect the operating system.
There was only one registry entry in HKLM that contained the string “Windows 11.” Microsoft usually updates the registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion with the version of Windows. However, with Windows 11, you can see that the following values have been updated: CurrentBuild, CurrentBuildNumber, and UBR. The CurrentBuild (22000) and UBR (194) form the build version for Windows 11 (https://docs.microsoft.com/en-us/windows/release-health/windows11-release-information). However, the ProductName value still calls this operating system “Windows 10.”
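The check below is an added example, not code from the original post or from VERT. It parses `reg query` output for the CurrentVersion key and decides the OS from the build number instead of trusting ProductName. The function names, the sample output (including the "Pro" edition) and the rule that any client build of 22000 or higher is Windows 11 are assumptions made for the example.

```python
import re

WIN11_FIRST_BUILD = 22000  # build number the post reports for Windows 11

# Constructed sample in the layout printed by `reg query`; not captured from a real host.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
    CurrentBuild    REG_SZ    22000
    CurrentBuildNumber    REG_SZ    22000
    ProductName    REG_SZ    Windows 10 Pro
    UBR    REG_DWORD    0xc2
"""

def parse_reg_query(text):
    """Return {value_name: data} from `reg query` text; REG_DWORD data becomes int."""
    values = {}
    for line in text.splitlines():
        parts = re.split(r"\s{4,}", line.strip(), maxsplit=2)
        if len(parts) != 3 or not parts[1].startswith("REG_"):
            continue  # key header, blank line, or a value with empty data
        name, kind, data = parts
        values[name] = int(data, 16) if kind == "REG_DWORD" else data
    return values

def fingerprint(values):
    """Combine ProductName with the build so a stale name does not decide the result."""
    product = values.get("ProductName", "")
    build_raw = values.get("CurrentBuild") or values.get("CurrentBuildNumber")
    if build_raw is None or not str(build_raw).isdigit():
        return {"os": product or "unknown", "build": None, "name_mismatch": False}
    build = int(build_raw)
    ubr = values.get("UBR")
    full = f"{build}.{ubr}" if isinstance(ubr, int) else str(build)
    # Assumption: a "Windows 10" ProductName with build >= 22000 is really Windows 11.
    mismatch = product.startswith("Windows 10") and build >= WIN11_FIRST_BUILD
    os_name = product.replace("Windows 10", "Windows 11", 1) if mismatch else product
    return {"os": os_name, "build": full, "name_mismatch": mismatch}

if __name__ == "__main__":
    print(fingerprint(parse_reg_query(SAMPLE_REG_QUERY)))
```

The `name_mismatch` flag is worth keeping in inventory output, because it marks hosts where any tool that reads only ProductName will report the wrong OS.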
The SMB protocol on Windows 11 advertises that the environment is running Windows 10. This could fool people into believing that this operating system is Windows 10 with the build version of 22000. However, Windows 10 does not currently have a build with a version of 22000 (https://docs.microsoft.com/en-us/windows/release-health/release-information, https://docs.microsoft.com/en-us/windows-server/get-started/windows-server-release-info).
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Andrew Swoboda. Read the original post at: https://www.tripwire.com/state-of-security/featured/windows-11-registry-keys-smb-protocol-and-systeminfo/