Windows 11 Security Scare—MS Nixes Fixes on Older PCs - Security Boulevard

Windows 11 won’t auto-update on slightly old PCs. It appears this includes security updates—although Microsoft PR is doing its usual trick of ghosting reporters who ask.

This sounds like a terrible idea: A fleet of unpatched Windows 11 PCs connected to the internet? That’s a recipe for disaster.

Stand by for Redmond to walk this one back in an embarrassing climbdown. In today’s SB Blogwatch, we hope against hope.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Olivia vs. Paramore.

MSFT MBEC+HVCI FAIL

What’s the craic? Sean Hollister reports—“Microsoft is threatening to withhold Windows 11 updates if your CPU is old”:

Why leave us in the dark?
Windows 11 won’t technically leave millions of PCs behind … so long as you download and manually install an ISO file. … But it turns out even that technicality has a technicality: Microsoft is now threatening to withhold Windows Updates … potentially even security updates.

It’s quite possible this is just a cover-your-ass measure. … But it’s also possible Microsoft genuinely does mean to withhold patches. … Microsoft declined to clarify things further.

Windows 11 could theoretically be an operating system where you go back to the days of manually downloading [security] updates. … Feature updates are probably less of a big deal. [But] why leave us in the dark?

Why indeed? Mary Jo Foley knows all about MSFT PR’s shenanigans—“Microsoft leaves a loophole”:

Unsupported state
Of course, Microsoft is not advising people to install Windows 11 on unsupported hardware. They … want people to buy new PCs. [So] you’ll be notified that your upgraded device will be in an unsupported state.

An “unsupported state,” in this case, means your PC won’t be entitled to receive updates via Windows Update. These may (or may not) include security and driver updates.

And Andrew Cunningham has—“Microsoft may withhold security updates”:

Just because you can …
The news that unsupported Windows 11 installs would be allowed at all was told to reporters on background, and not announced in last week’s official post on the Windows blog. The company has told us that running Windows 11 on unsupported PCs [is] best used for temporary test machines and not hardware you rely on day to day.

It all adds up to a giant, implied, “Just because you can doesn’t mean you should.”

What would the Underpants Gnomes do? drew_92123 drew this conclusion:

Profit
My guess is that this is just more marketing bull**** to get more people to upgrade their PCs—to profit both the OEMs and MS. Remember, every PC sold means another license MS can sell.

Step 1) scare consumers into upgrading,
Step 2) sell licenses with new PCs,
Step 3) profit.

TL;DR? Here’s ken27238’s pithy, precise precis: [You’re fired—Ed.]

Microsoft announces that they will be allowing unpatched security vulnerabilities in Windows 11.

Does that seem stupid to you? It really does to Belisarius:

Not seeing the forest for the trees
That seems really ***ing stupid. Every time there’s a security breach in Windows, Microsoft’s reputation suffers.

People aren’t interested nor pay attention to the details, they only see “Windows security breach.” … Seems like MS would have a vested interest in limiting these headlines, and providing security updates to everyone would be the best way.

Talk about not seeing the forest for the trees.

But what’s so special about the new hardware requirements? It’s not as if CPUs are getting much faster. ljw1004 explains:

MBEC
[It] relates to MBEC (Mode Based Execution Control). If this security/privilege mechanism is accelerated in hardware, Windows 11’s HVCI (Hypervisor-protected Code Integrity) runs fine. If MBEC is instead done in software by the CPU, slowdowns as bad as 40% have been seen.

So lots of people stuck on Windows 10? NYKevin certainly sounds sanguine:

So, basically, they want me to ignore their shiny new operating system, and keep using Windows 10. I’m perfectly happy to comply.

Meanwhile, Major_Disorder feels better after saying this:

Let me be the first to say, **** you Microsoft.

And Finally:

How forensic musicology works (and why it’s mainly BS)

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Geraldine Lemeur (cc:by)

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
