What do we know about the security of the new Windows 11 so far?

Updated: July 11, 2021 July 11, 2021 By Dmytro Cherkashyn

Using paint to create Windows 11 parody loading screen

It appears quite usual (I mean not one a decade anymore) to witness the release of a new operating system from Windows.

The new Windows 11 still lacks many expected features, which were implemented by other vendors, like better homeworking through free choice of mics or cameras, faster Windows update, and others.

But I care mainly about another question – security.

 

Disclaimer:

Please notice, use all mentioned in this article tools and software are exclusively volunteer. Not an author nor cooltechzone.com don't holds any responsibility for all potentially created problems.


Microsoft claimed Windows 11 more secure than previous versions?

While Microsoft claiming enhanced security of newly released Windows 11 version, there are almost no difference between using Windows 10 and Windows 11 in terms of software security. The biggest difference to previous versions is support and demand of TPM 2.0 chip to secure encryption keys, password and other sensitive information stored in memory,

said David Weston, Director of Enterprise and OS Security

From the list of requirements we know, the main hardware requirement change is TPM 2.0, which should be installed on the target system.

The Trusted Platform Module is a specially designed chip, which could be built-in into your laptop motherboard or externally running device. This chip/device creates protection for all session stored encryption keys, passwords, or other user's information.

By the way, the minimum requirement of TPM 2.0 is the biggest issue for many users tries out Windows 11.

Some resources even claimed that there is a spike in prices for TPM 2.0 modules. We did check it too.

ASUS TPM 2.0 Module price evolution from the 20 June. IT rise 100% in 2 weeks

Image source – geizhals.de

As you may see in the picture above, the market price of this particular TPM module jumped at price of 100%. It should not be a big problem for private users if they want to buy it, because it still costs about 25 USD. But I can say if you are going to find some on the stock.

If you know that you have the recent system and perhaps, already have the TPM module installed, you can use the WhyNotWin11 tool to check if your system meets those requirements. Bear in mind, this is not an official Windows checker tool.

WhyNotWin11 tool to check if your system is compatible with new Windows 11

 Image source – github.com

But even if your system is not compatible, don't worry. You can create bootable USD or install the system directly, using a specially crafted version of Windows 11 on GitHub of kanetjuh.

Option to download the Windows 11 Non TPM 2.0

Image source – github.com


Windows 11 exploit's the black market situation

It is, to be honest, not yet to see if there are any validated security vulnerabilities for Windows 11. We didn’t found any adequate information about existing vulnerabilities.

For good or bad, all users worldwide can download a new Windows 11 with a cracked key. I personally find it very bad, because this kind of software is the biggest donor of botnet devices.

Link to Windows 11 release with Key on one of hackers forum

I also spent some time trying to find any traces of exploits for the new OS or its software, but it was not successful. On one of the Darkweb forums, I found interesting RAT with Windows 11 mentioned in the list of platforms.

RAT for sell with Windows 11 mentioned in there

Obviously, this threat on the forum was not very reliable since many claims from users about the author's incompetency.


Conclusion

Where new Windows 11 will change the world or not, we are always expecting some old holes covered.

Before any stable situation, we can expect many speculations around Windows 11 topic, so keep calm and wait for an update.

Stay tuned and watch around!

Tags: 
News
Editor-in-Chief
Dmytro Cherkashyn
Being a passionate security expert from Ukraine, Dmytro has passed through various security domains for the last 12 years, starting with the physical security of nuclear facilities and coming to operational technology cybersecurity for critical infrastructure in Germany.

Write a review

click to select