Windows 11 vs. past/present vulnerabilities

By JustGeorge
in Microsoft (Windows)

 Share

Recommended Posts

Grand Master

JustGeorge

Posted
Posted (edited)

This is a serious question because I really don't know. Not looking to OS bash. Wanting technical answers. 

 

What past/present vulnerabilities would've been stopped dead in their tracks by a TPM, Secureboot and the explicit cpu requirements for Win11?

Edited by JustGeorge
Veteran

+Biscuits Brown MVC

Posted
  • MVC
Posted

I don't think anyone knows 100% so I'll through these out as speculation. TPM and secure boot would be a good block against rootkit based infection so requiring these could make a system more secure.  As for CPU generation, the common thought is it has something to do with spectre/meltdown remediations but who knows. 

Grand Master

+Tantawi Subscriber²

Posted
  • Subscriber²
Posted

Well, not directly because of TPM, but if you have a TPM activated you are more likely than not to use Bitlocker drive encryption, which means no problem of data leaks if your laptop or PC gets stolen.

Grand Master

+Warwagon MVC

Posted
  • MVC
Posted
8 minutes ago, Tantawi said:

Well, not directly because of TPM, but if you have a TPM activated you are more likely than not to use Bitlocker drive encryption, which means no problem of data leaks if your laptop or PC gets stolen.

In that case make TPM a requirement if you want to use that feature, instead of forcing everyone to have it.

  • JustGeorge and Arceles
  • Like 2
Grand Master

+Tantawi Subscriber²

Posted
  • Subscriber²
Posted (edited)
12 minutes ago, warwagon said:

In that case make TPM a requirement if you want to use that feature, instead of forcing everyone to have it.

But it is available in all PCs/motherboards shipped since 2015... and what is the percentage of people caring to enable/use it? not much I'd say outside the business environments (heck, believe it or not, even some multi billion $$ companies' IT departments don't bother to encrypt their employees laptops) 

I think it is a step in the right direction, IMHO.

Grand Master

Ci7

Posted
Posted
5 hours ago, Tantawi said:

But it is available in all PCs/motherboards shipped since 2015... and what is the percentage of people caring to enable/use it? not much I'd say outside the business environments (heck, believe it or not, even some multi billion $$ companies' IT departments don't bother to encrypt their employees laptops) 

I think it is a step in the right direction, IMHO.

stuck with perfectly fine i7 5930/X99 motherboard with TPM 1.3 Connector :(

 

 

Grand Master

+Tantawi Subscriber²

Posted
  • Subscriber²
Posted (edited)
36 minutes ago, JustGeorge said:

What about ransomware? Any additional defenses against that scourge?

Partially, see: https://www.microsoft.com/security/blog/2017/06/29/windows-10-platform-resilience-against-the-petya-ransomware-attack/?source=mmpc where Secure Boot can help stop the encryption process if the computer rebooted shortly after infection. Plus other measures.

And while such protection is totally possible to have with Windows 10, the keyword here is to "enforce it" with Windows 11.

  • JustGeorge and Ci7
  • Like 2
Grand Master

goretsky Supervisor

Posted
  • Supervisor
Posted

Hello,

A couple of attack styles come to mind:

  • Some of the initial round of speculative execution attacks, i.e., first generation of Spectre and Meltdown.
  • malicious software that infects firmware, such as Mebromi and perhaps even Lojax.

Please keep in mind this is strictly off the top of my head.  I was thinking more about types of attacks that might be blocked a completely working set of TPM + SecureBoot + modern processors with fully-patched microcode.

 

Regards,

 

Aryeh Goretsky

 

Grand Master

George P Global Moderator

Posted
  • Global Moderator
Posted

When it comes to the topic of TPM and Windows everyone talks about bitlocker, but I'm pretty sure that's not the only thing Windows uses/needs TPM for.   Maybe someone should make a detailed list, if MS doesn't have one already.  

Grand Master

+Tantawi Subscriber²

Posted
  • Subscriber²
Posted
1 hour ago, George P said:

When it comes to the topic of TPM and Windows everyone talks about bitlocker, but I'm pretty sure that's not the only thing Windows uses/needs TPM for.   Maybe someone should make a detailed list, if MS doesn't have one already.  

https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/trusted-platform-module-overview#practical-applications

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Helium Browser 0.13.1.1

      By cork1958 · Posted

      FWIW, I've been using Helium on Linux and Windows since the first time it was mentioned here. Actually, maybe a day or 3 before, as I searched for it when I saw it mentioned on the MX Linux forums. Haven't had a single issue on either OS. Not bad for a beta.
    • U.S. delegation throws away all burner phones and gifts from China before takeoff

      By AsherGZ · Posted

      See up until a few years ago y'all could get away with simply denying your war crimes, pretending it never happened. Unfortunately for you, it's the 2020s and Israel's genocide has been livestreamed in real time. You have to be dumber than a rock to think anyone still believes your propaganda. See the cat is already out of the bag. The world already knows who you are so do yourself a favor and just drop the facade. Bet it gets real tiring keep track of all the lies. Take some inspiration from Israeli ministers who boast on live TV they like massacring civilians. Every zionist accusation is after all a confession.
    • Microsoft making much needed change to Windows 11, 10 Patch Tuesday security updates

      By QuantumBigfoot · Posted

      He's just reporting what Microsoft posted. https://msmessagecenter.com/MC1381119 It just means that Windows Defender updates will no longer be bundled into the monthly Cumulative Windows security update and will now be a separate download. They'll still be on Microsoft update of course but now they can be released faster.
    • Apple announces iOS 27 with no changes to the list of supported iPhones

      By TarasBuria · Posted

      Apple announces iOS 27 with no changes to the list of supported iPhones by Taras Buria At WWDC 2026 in Cupertino, Apple announced iOS 27, the next mobile operating system for compatible iPhones. The update focuses on tweaking and improving last year's iOS 26, particularly in areas like app launch time, Liquid Glass design, and more. Additionally, Apple has reworked Apple Maps with a significantly enhanced Flyover view for a much more realistic view. Apple also promises better performance, smarter search, new Health features, new parental controls, and more. The most important part is that iOS 27 is compatible with all iPhones that can run iOS 26. That means that even the seven-year-old iPhone 11 can run iOS 27 (supposedly better than iOS 26). iOS 27 will be available this Fall, with the first developer betas expected later today. You can follow the live stream here.
    • What are you listening to?

      By GUNNER · Posted

  • Recent Achievements

    • Very Popular
      Captain_Eric earned a badge
      Very Popular
    • One Month Later
      amusc earned a badge
      One Month Later
    • One Month Later
      DJC50PLUS earned a badge
      One Month Later
    • Week One Done
      DJC50PLUS earned a badge
      Week One Done
    • Proficient
      Eric Biran went up a rank
      Proficient

  • Popular Contributors

    1. 1
      +primortal
      506
    2. 2
      PsYcHoKiLLa
      238
    3. 3
      ATLien_0
      80
    4. 4
      Steven P.
      78
    5. 5
      +Edouard
      71
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!