Windows 11 Will Support Rolling Back to Windows 10, but Not for Long

Technology

ExtremeTech 09 July, 2021 - 06:30am 12 views

When does Windows 11 come out?

Upgrades to Windows 11 will begin to roll out late in 2021 and continue into 2022. During this time, we will be doing some behind-the-scenes testing and validating for your specific PC. Windows Update will provide an indication if and when your PC is eligible. You can check by going to Settings/Windows Update. microsoft.comUpgrade to the New Windows 11 OS

An emergency patch that Microsoft issued on Tuesday fails to fully fix a critical security vulnerability in all supported versions of Windows that allows attackers to take control of infected systems and run code of their choice, researchers said.

This story originally appeared on Ars Technica, a trusted source for technology news, tech policy analysis, reviews, and more. Ars is owned by WIRED's parent company, Condé Nast.

The threat, colloquially known as PrintNightmare, stems from bugs in the Windows print spooler, which provides printing functionality inside local networks. Proof-of-concept exploit code was publicly released and then pulled back, but not before others had copied it. Researchers track the vulnerability as CVE-2021-34527.

Attackers can exploit it remotely when print capabilities are exposed to the internet. Attackers can also use it to escalate system privileges once they’ve used a different vulnerability to gain a toehold inside a vulnerable network. In either case, the adversaries can then gain control of the domain controller, which, as the server that authenticates local users, is one of the most security-sensitive assets on any Windows network.

“It's the biggest deal I've dealt with in a very long time,” said Will Dormann, a senior vulnerability analyst at the CERT Coordination Center, a federally funded US nonprofit that researches software bugs and works with business and government to improve security. “Any time there's public exploit code for an unpatched vulnerability that can compromise a Windows domain controller, that's bad news.”

After the severity of the bug came to light, Microsoft published an out-of-band fix on Tuesday. Microsoft said the update “fully addresses the public vulnerability.” But on Wednesday—a little more than 12 hours after the release—a researcher showed how exploits could bypass the patch.

“Dealing with strings & filenames is hard,” Benjamin Delpy, a developer of the hacking and network utility Mimikatz and other software, wrote on Twitter.

Accompanying Delpy’s tweet was a video that showed a hastily written exploit working against a Windows Server 2019 that had installed the out-of-band patch. The demo shows that the update fails to fix vulnerable systems that use certain settings for a feature called Point and Print, which makes it easier for network users to obtain the printer drivers they need.

Buried near the bottom of Microsoft's advisory from Tuesday is the following: "Point and Print is not directly related to this vulnerability, but the technology weakens the local security posture in such a way that exploitation will be possible."

The incomplete patch is the latest gaffe involving the PrintNightmare vulnerability. Last month, Microsoft’s monthly patch batch fixed CVE-2021-1675, a print spooler bug that allowed hackers with limited system rights on a machine to escalate privilege to administrator. Microsoft credited Zhipeng Huo of Tencent Security, Piotr Madej of Afine, and Yunhai Zhang of Nsfocus with discovering and reporting the flaw.

A few weeks later, two different researchers—Zhiniang Peng and Xuefeng Li from Sangfor—published an analysis of CVE-2021-1675 that showed it could be exploited not just for privilege escalation but also for achieving remote code execution. The researchers named their exploit PrintNightmare.

Eventually, researchers determined that PrintNightmare exploited a vulnerability that was similar (but ultimately different from) CVE-2021-1675. Zhiniang Peng and Xuefeng Li removed their proof-of-concept exploit when they learned of the confusion, but by then their exploit was already widely circulating. There are currently at least three proof-of-concept exploits publicly available, some with capabilities that go well beyond what the initial exploit allowed.

Microsoft’s fix protects Windows servers that are set up as domain controllers or Windows 10 devices that use default settings. Wednesday’s demo from Delpy shows that PrintNightmare works against a much wider range of systems, including those that have enabled a Point and Print and selected the NoWarningNoElevationOnInstall option. The researcher implemented the exploit in Mimikatz.

Besides trying to close the code-execution vulnerability, Tuesday’s fix for CVE-2021-34527 also installs a new mechanism that allows Windows administrators to implement stronger restrictions when users try to install printer software.

“Prior to installing the July 6, 2021, and newer Windows Updates containing protections for CVE-2021-34527, the printer operators’ security group could install both signed and unsigned printer drivers on a printer server,” a Microsoft advisory stated. “After installing such updates, delegated admin groups like printer operators can only install signed printer drivers. Administrator credentials will be required to install unsigned printer drivers on a printer server going forward.”

Despite Tuesday’s out-of-band patch being incomplete, it still provides meaningful protection against many types of attacks that exploit the print spooler vulnerability. So far there are no known cases of researchers saying it puts systems at risk. Unless that changes, Windows users should install both the patch from June and from Tuesday and await further instructions from Microsoft. Company representatives didn’t immediately have a comment for this post.

Hacker Breaks Down Hacking Scenes From Movies & TV

Once again, hacker and security researcher Samy Kamkar takes a look at a variety of hacking scenes from popular media and examines their authenticity. Is the 3D file system from Jurassic Park real? Can you actually hack a smart fridge like in Silicon Valley? Is there a difference between a virus and a worm?

Read full article at ExtremeTech

Which PCs can upgrade to Windows 11?

PCWorld 10 July, 2021 - 06:21am

Can my PC run Windows 11? Microsoft hasn’t made that question easy to answer, as Windows 11’s hardware requirements have been confusing, not least by the need for TPMs. Microsoft itself pulled the PC Health Check app, which was one of the few ways that you could tell if your PC qualified for Windows 11.

Now, some PC makers are simply telling you whether your PC can upgrade to Windows 11, or if you’ll need to buy a new one. Below, you’ll find links to the major PC makers who've published such lists.

Some have included FAQs or explanations of the Windows 11 hardware requirements as additional context. You can find more information about this and other relevant Windows 11 topics in our Windows 11 superguide

Acer currently isn’t highlighting its existing PCs that can run Windows 11, as some other manufacturers in our list do. The company’s Windows 11 page pushes potential customers to buy the Acer Swift 3, and the many Acer Swift 3 models that it offers. We’re not entirely sure if Acer’s Swift 3 (SF313-52-78W6) from 2020 will qualify for Windows 11, though the cutoff date from other manufacturers appears to be 2019 or so. We would imagine that Acer’s Swift 3x (2021) would also qualify for Windows 11, though Acer has yet to confirm this. 

Acer’s recent Swift 3s are supported by Windows 11.

Acer also owns Gateway, and Gateway’s support page doesn’t currently mention Windows 11. 

Asus has published a general overview of Windows 11, including some of the features that Microsoft’s latest OS offers. But you’ll want to dive into this massive list of Asus PCs that will receive Windows 11 to be truly sure. You may need to click the appropriate tab at the top of the page.

Make sure that you know your model number—you can find it on the bottom of the laptop, as Asus explains.  That’s important, as PCs that qualify for Windows 11, such as the superb Asus ROG Strix G15 Advantage Edition, can carry model numbers specific to a particular retailer. 

Dell provides a thorough, easy-to-use list of Dell PCs that can run Windows 11, from its Alienware gaming desktops and laptops right through to its Vostro line and Precision workstations. Dell also provides a handy Dell-specific Windows 11 FAQ, which notes that all Dell PCs currently sold on Dell.com will be upgradable to Windows 11, beginning “late in 2021.” (Microsoft has said that Windows 10-to-11 upgrades won’t happen until 2022, but it’s possible that OEM systems may receive special treatment.)

Dell’s XPS 13 7390 appears to be one of the oldest Dell PCs that will be officially upgradable to Windows 11.

“If your device is not listed, Dell is not testing the device and drivers will not be upgraded for that model,” Dell says. “If your device ships with a version of Windows 11, drivers are available for that version and testing is not necessary.”

We haven’t checked every device on this list, but the oldest XPS laptop that qualifies for Windows 11 appears to be the Dell XPS 13 7390, which we reviewed in November, 2019. Unsure which Dell PC you have? Dell’s SupportAssist tool can help.

Dynabook, the smaller PC maker which has taken over for Toshiba, hasn’t said much about its Windows 11 plans. It has, however, released a statement: “Dynabook is excited about the arrival of Windows 11 and we look forward to adding it to our portfolio of the world-class mobile computing solutions - Portégé, Tecra and Satellite Pro.” The company hasn’t said when that will happen, however, or whether any models will be excluded.

HP’s Windows 11 site includes a brief Windows 11 FAQ. There are two key points: First, HP’s introduction includes the disclaimer that “our current Windows-based PCs will be upgradeable to Windows 11 when it’s available later this year.” Second, HP says that PCs sold on its site will include a “badge” that indicates that they can be upgraded to Windows 11. HP representatives referred us back to Microsoft’s Windows 11 hardware specifications when we asked for further clarification.

HP’s original press release also lists several specific HP models that it says will support Windows 11:

HP specifically called out this Spectre x360 14 as one of the laptops you’ll be able to upgrade to Windows 11.

HP’s press release does provide some wiggle room for including PCs that do not appear on the list, including older Omens. Your best bet is to look for the Windows 11 badge on PCs sold on HP’s site. (The badges, from what we can see, have yet to appear.)

So far, Lenovo hasn’t done much to promote Windows 11 except to reproduce some of Microsoft’s guidance via a Windows 11 FAQ, which clarifies certain aspects that we already know, such as whether it’s free (it is) and so on. 

Interestingly, if you search for “Windows 11” on the site, Lenovo.com’s list of “Windows 11” search results includes what the page title lists as “Free Upgrade PCs to Windows 11 OS.” You might expect some additional clarifying language on the page making it explicit that these PCs do indeed qualify for Windows 11. That language doesn’t currently appear, so we checked with Lenovo: The PCs on the page qualify for Windows 11 upgrades, we’re told.

Microsoft was one of the first PC vendors to highlight that several of its older Surface PCs could not run Windows 11—clearly indicating that Microsoft wasn't playing favorites with its new hardware requirements. We’ve listed the Surfaces that qualify for Windows 11 as part of our earlier story. If you own an older Surface Pro tablet or a first-generation Surface Book, you’re out of luck. 

Microsoft’s Surface Book 3 is one of the devices Microsoft has approved for Windows 11.

You might think that Microsoft’s online store would offer some information about whether the PCs it sells would be Windows 11-compatible, but no luck so far.

MSI has done an excellent job of explicitly telling you which of its PCs will support Windows 11, with an extensive list of Windows 11-supported PCs as well as a FAQ (PDF) too. The latter information seems sourced directly from Microsoft.

What’s interesting, though, is that MSI lists only desktops and all-in-one PCs as candidates for Windows 11. There’s not a single consumer laptop on the list, such as the MSI GE76 Raider

Razer also hasn’t said much about Windows 11, and the company hasn’t set aside any space on its website for Windows 11 information. We’ve asked Razer which of its PCs will be eligible for Windows 11, and we’ll add that information to this page when we get it. We would expect 2021’s Razer Book 13 and the 2020 Razer Blade Stealth would both be eligible for Windows 11. 

Samsung hasn’t said anything on Windows 11 that we can find, including anything on the company’s website. We’ve asked the company which Samsung PCs will be eligible for Windows 11, and we’ll add them to the list when we hear more.

We would expect that Samsung’s Galaxy Book Pro 360, a 2021 laptop, would be a good candidate for Windows 11. 

As PCWorld's senior editor, Mark focuses on Microsoft news and chip technology, among other beats.

PCWorld helps you navigate the PC ecosystem to find the products you want and the advice you need to get the job done.

Hands on with Windows 11: First impressions

Computerworld 10 July, 2021 - 06:21am

Windows 11 is in early preview right now, and it is far from feature complete; this phase of the deployment is typically focused on assuring hardware and application compatibility. Most of my newest desktop machines won’t yet run Windows 11 because they weren’t configured with their 2.0 Trusted Platform Modules (TPMs) turned on (an easy fix) or with Secure Boot enabled (a much more complicated fix).

I was, however, able to load the Windows 11 preview onto my Dell OptiPlex 7070 Ultra modular desktop successfully and without issues. If you decide to try out Windows 11, I suggest you load it overnight, as the upgrade takes several hours.

Windows 11’s taskbar looks like an updated blend of the Windows 10 taskbar and the macOS dock without the animations. It moves the icons to the center of the taskbar rather than the left, justifying them.

The new Start menu is centered and shows apps in a grid rather than a list. (Click image to enlarge it.)

Opening up the index of applications is similar in practice, but the result is very different and much closer to what you would see on a smartphone: the apps you most use are presented in an alphabetized grid and not a list as in earlier versions of Windows. This change made it far faster for me to find specific applications than had been the case earlier.

Switching to the complete app list is quick and easy, but it is an extra step from the default app list we had before. As with the default app list, the overall effect is closer to what we are used to on a smartphone. Once you get used to this new layout, it does feel more efficient.

Settings do not immediately pop up when you hit the Windows icon, which is still on the left but now centered with the other app icons in the taskbar. The icons on my home screen and my background were unchanged. Once you open Settings, however, the layout is significantly different, and it may initially take you a while to find where the setting you want has moved.

The Settings app's layout is significantly different in Windows 11. (Click image to enlarge it.)

That said, the settings I look to most often, like software updates, were in view and not buried under a submenu, reducing my time to access them. As with the app lists, once you get used to the new Settings layout, you’re likely to find it more efficient to use.

Microsoft’s smartphone integration app, Your Phone, is working on this initial build, and it does a decent job of providing an onscreen view of some of your phone’s core features like texts and phone calls. It appears that it has a music feature as well, but currently that appears to be disabled. I did appreciate that you could drag a photo from the visible representation of your phone and into email from your PC desktop interface. The app is both easier to use and more useful than the last time I used it.

During this phase of the rollout, the platform typically isn’t optimized yet for performance. Still, I didn’t notice any individual wait states or performance degradation on the Dell PC. This lack of noticeable performance penalty suggests there may be a slight performance boost when we get closer to the product’s official release.

While there were minor improvements, there was nothing about Windows 11 that knocked my socks off at this time. But that is expected at this early phase, which is primarily focused on hardware/software compatibility and is not yet feature complete. This phase of the testing isn’t supposed to be exciting; it’s just supposed to work, and Windows 11 did work with minimal disruption or retraining.

The updated OS went in clean with no errors, my core apps all worked fine, and the Your Phone app showed a usability improvement, even though at least one of the newer features didn’t appear to be active yet. I’ll provide updates as the product becomes more feature complete, but, for now, I don’t see any significant problems beyond the known need for a current TPM and Secure Boot.

Your Phone provides a handy way to see your phone's notifications, messages, calls, and photos. (Click image to enlarge it.)

Anyone using a business PC, laptop, or desktop that’s within three years old, configured with TPM 2.0, and with Secure Boot enabled should have a similar Windows 11 experience to mine. Windows 11 may not install on many consumer or education-focused PCs if they don’t at least have a current TPM.

The TPM 2.0 and Secure Boot requirements for Windows 11 should result in far more PCs that are secure, as many PCs support those technologies but don’t have them turned on. Other systems will need to be replaced, although not necessarily right away: Windows 10 support will continue until at least 2025.

With the significant increase in ransomware attacks, putting off anything that increases the security of PCs comes with inherent risk, and it may be wiser to go early rather than late on this latest Windows version. Best practice, however, is to wait at least two months after general release before deploying to make sure new problems are identified and corrected before your installation. Often a good time for an update like this is during the holiday break, where any problems will have a minimal impact on productivity.

One last note: When I checked the security features after the Windows 11 installation, they were turned off, and I had to turn them on manually. Do check these features if you load the current build of Windows 11; the irony of installing a more secure version of Windows 11 only to find security turned off is painful at best.

Copyright © 2021 IDG Communications, Inc.

Copyright © 2021 IDG Communications, Inc.

We asked, you told us: Most of you plan to upgrade to Windows 11

Android Authority 09 July, 2021 - 04:52am

Still, a major Windows update is hardly a guarantee that consumers will upgrade. After all, we’ve previously seen users hold off on upgrading their version of Windows for a variety of reasons. Nevertheless, we asked Android Authority readers whether they planned to upgrade to Windows 11. Here’s what you told us.

A grand total of over 3,800 votes were cast after we posted the poll on Monday, July 5. And the results show that almost two-thirds of respondents indeed plan to upgrade to Windows 11. This isn’t a surprise given that enthusiasts often want to run the latest and greatest platform updates. Furthermore, the new Windows upgrade indeed brings a few great features to the table.

Almost 20% of polled readers said they planned to upgrade but their PCs weren’t compatible. You’d think consumers are holding onto their PCs for longer, therefore resulting in this option potentially having more votes. Then again, we saw a major global spike in PC shipments in 2020 and 2021 as the work-from-home trend exploded during the pandemic. Some readers also note in the comments that they’re part of the Windows Insider program and are allowed to install preview versions on their unsupported machines for now.

Finally, 17.7% of respondents say they don’t plan to upgrade to Windows 11 at all. We’ve seen this trend happen before with previous Windows upgrades, owing to everything from incompatibility issues to performance concerns. Still, if it ain’t broke, right?

Thanks for voting in our poll and for the comments! Do you expect Microsoft to relax system requirements for Windows 11 down the line?

Technology Stories