Microsoft says that Windows Server 2022 will come with security improvements and will bring Secured-core to the Windows Server platform.
Windows Server 2022 “provides secured connectivity enabled by industry-standard AES 256 encryption,” Microsoft said.
The next Windows Server release will also improve hybrid server management by enhancing performance monitoring and event alerts in Windows Admin Center.
“Furthermore, this release includes significant improvements to Windows container runtime, such as virtualized time zones and IPv6 support for globally scalable apps, as well as containerization tools for .NET, ASP.NET, and IIS applications,” Microsoft added at Microsoft Ignite 2021.
This release will also bring Secured-core to Windows Server for added protection against a wide range of threats for systems running workloads on Windows Server 2022.
Built-in protection from threats
Secured-core PCs are a response to two problems: the increasing number of firmware vulnerabilities that attackers can exploit to bypass a Windows machine’s Secure Boot, and the lack of visibility at the firmware level in today’s endpoint security solutions.
Built-in protection capabilities designed to defend users against threats (both state-sponsored hacking attacks and commodity malware) that abuse firmware and driver security flaws have been included with all Secured-core PCs since October 2019.
They can also defend users against malware designed to take advantage of driver security flaws to disable security solutions.
Secured-core PCs built by Microsoft in collaboration with OEM partners and silicon vendors protect users against such attacks by following these requirements:
- Loading Windows securely: Enabled with Hypervisor Enforced Integrity, a Secured-core PC only starts executables signed by known and approved authorities. Also, the hypervisor sets and enforces memory permissions to prevent malware from modifying memory and making it executable
- Firmware protection: System Guard Secure Launch uses the CPU to validate that the device boots securely, preventing advanced firmware attacks
- Identity protection: Windows Hello allows you to sign in without a password, and Credential Guard leverages virtualization-based security (VBS) to prevent identity attacks
- Secure, hardware-isolated operating environment: Uses the Trusted Platform Module 2.0 and a modern CPU with dynamic root of trust measurement (DRTM) to boot up your PC securely and minimize firmware vulnerabilities
All Secured-core PCs follow these provisions to boot securely, protect themselves from firmware security bugs, shield the OS from attacks, prevent unauthorized access, and secure users’ identity and domain credentials.
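To check which of the protections listed above are actually configured and running on a given Windows machine, the following added example (not Microsoft's code and not part of the original article) reads the Win32_DeviceGuard and Win32_Tpm WMI classes. The function name Get-SecuredCoreStatus is hypothetical, and the fallback values are constructed so the script still runs where the live query is unavailable.

```powershell
# Added example. Service IDs follow the documented Win32_DeviceGuard values
# for SecurityServicesConfigured / SecurityServicesRunning.
$ServiceNames = @{
    1 = 'Credential Guard'
    2 = 'Hypervisor-enforced code integrity (HVCI)'
    3 = 'System Guard Secure Launch'
}

function Get-SecuredCoreStatus {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] $DeviceGuard,  # Win32_DeviceGuard instance or look-alike object
        [string] $TpmSpecVersion = ''         # Win32_Tpm.SpecVersion, e.g. '2.0, 0, 1.38'
    )
    $configured = @($DeviceGuard.SecurityServicesConfigured)
    $running    = @($DeviceGuard.SecurityServicesRunning)

    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
    $vbs = switch ($DeviceGuard.VirtualizationBasedSecurityStatus) {
        2 { 'running' } 1 { 'configured, not running' } default { 'off' }
    }
    [pscustomobject]@{ Feature = 'Virtualization-based security (VBS)'; State = $vbs }

    foreach ($id in 1, 2, 3) {
        $state = if ($running -contains $id) { 'running' }
                 elseif ($configured -contains $id) { 'configured, not running' }
                 else { 'off' }
        [pscustomobject]@{ Feature = $ServiceNames[$id]; State = $state }
    }

    $tpmState = if ($TpmSpecVersion -like '2.0*') { 'present' } else { 'not detected' }
    [pscustomobject]@{ Feature = 'TPM 2.0'; State = $tpmState }
}

try {
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard `
                          -ClassName Win32_DeviceGuard -ErrorAction Stop
} catch {
    Write-Warning 'Live query failed; using constructed sample values.'
    $dg = [pscustomobject]@{                  # constructed sample, not real output
        VirtualizationBasedSecurityStatus = 2
        SecurityServicesConfigured        = @(1, 2, 3)
        SecurityServicesRunning           = @(1, 2)
    }
}
try {   # Win32_Tpm normally requires an elevated session
    $tpm = (Get-CimInstance -Namespace root\cimv2\Security\MicrosoftTpm `
                            -ClassName Win32_Tpm -ErrorAction Stop).SpecVersion
} catch { $tpm = '' }

Get-SecuredCoreStatus -DeviceGuard $dg -TpmSpecVersion $tpm | Format-Table -AutoSize
```

A feature reported as "configured, not running" usually means the policy is set but the hardware or firmware prerequisite is missing, which is the gap the Secured-core requirements are meant to close.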
Secured-core for Azure IoT Edge devices
Microsoft also introduced the Edge Secured-core device label at Microsoft Ignite 2021 to identify Azure IoT Edge devices that meet the Secured-core spec.
The new device label is now in public preview within the Azure Certified Device program after previously being announced for Windows enterprise devices.
“Now, enterprise customers seeking Internet of Things (IoT) devices that meet the Azure defined security bar can easily identify device models that have the Edge Secured-core label in the Azure Device Catalog,” Microsoft said.
“As part of this requirement, devices will have Azure Defender for IoT built-in.”