It was an interesting week, to say the least. While the news was filled with a lot of interesting bits and bobs, I found one company dominating international headlines.
Good ol’ Microsoft.
Let’s start with a high. Microsoft recently introduced Windows 11 (surprise, surprise). It is a surprise because Microsoft had earlier taken the stance that there would be no new Windows versions (refer to the Forbes article in the References section). That aside, the new Windows also comes with a few caveats.
Firstly, it will only be supported on the newer Intel platforms (I was sore because I had an ASUS NUC and it works really well on Win10 but cannot update due to an “outdated” CPU). The list of supported processors is linked in the References section. This seems to be a move toward tying hardware compatibility to a platform, which is a bad idea, especially as Apple recently announced iOS support for their older phones as well. Windows 11 can technically run on older platforms, but that choice and direction is made by Microsoft (if you want to continue on their platform). My 7-year-old MacBook Pro runs the latest OSX with no performance sacrifice in comparison.
TPM (Trusted Platform Module), introduced in 2006, is an add-on/auxiliary module that adds cryptography and its supporting functions, including key generation and storage. It is a convenient way of locking licenses and everything else down to the hardware. It also supports IRM (Rights Management module). Security experts were quick to identify the TPM chip as a source of problems as well. A ransomware app can reinitialise the TPM chip, generate the public key for encryption and encrypt the hard drive in the background. With the key being generated and manipulated within the motherboard, this will surely be a forest fire in the making (courtesy @GossiTheDog).
Support for Secure Boot is now mandatory. Most new systems (by which I mean systems five years old or younger) will have BIOS-level support for Secure Boot. I still remember the last time I turned it on; it was hell trying to even get Windows installed. Obviously, some kinks need to be sorted out, but it offers boot-level protection to ensure that your boot records aren’t tampered with. Consider it a Ring -1 to Ring 1 security support structure.
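As an added example (not from the original post or from Microsoft), here is a PowerShell check, run from an elevated prompt, that reports the two firmware-level requirements discussed above, Secure Boot state and TPM version, the way a defender would verify a fleet before an upgrade. The function name is my own; the cmdlets and the Win32_Tpm class are standard Windows ones.

```powershell
# Added example: report Secure Boot and TPM state on a Windows 10/11 host.
# Assumes an elevated PowerShell session; Win32_Tpm is not readable as a standard user.

function Get-Win11FirmwareReadiness {
    $result = [ordered]@{
        SecureBoot     = 'Unknown'
        TpmPresent     = $false
        TpmSpecVersion = 'None'
        TpmReady       = $false
    }

    # Confirm-SecureBootUEFI throws on legacy BIOS / non-UEFI systems,
    # so treat that as "not available" rather than as an error.
    try {
        $result.SecureBoot = if (Confirm-SecureBootUEFI) { 'Enabled' } else { 'Disabled' }
    } catch {
        $result.SecureBoot = 'NotSupported (legacy BIOS or no UEFI)'
    }

    # Win32_Tpm exposes SpecVersion as e.g. "2.0, 0, 1.38"; the first field is the TPM spec level.
    $tpm = Get-CimInstance -Namespace root/cimv2/Security/MicrosoftTpm -ClassName Win32_Tpm `
        -ErrorAction SilentlyContinue
    if ($tpm) {
        $result.TpmPresent     = $true
        $result.TpmSpecVersion = ($tpm.SpecVersion -split ',')[0].Trim()
        $enabled   = (Invoke-CimMethod -InputObject $tpm -MethodName IsEnabled).IsEnabled
        $activated = (Invoke-CimMethod -InputObject $tpm -MethodName IsActivated).IsActivated
        $result.TpmReady = [bool]$enabled -and [bool]$activated
    }

    # Windows 11 requires a UEFI system that is Secure Boot capable and a TPM 2.0.
    # This check is stricter on purpose: it wants Secure Boot actually enabled, not just capable.
    $result.MeetsWin11Firmware = ($result.SecureBoot -eq 'Enabled') -and
                                 ($result.TpmSpecVersion -eq '2.0') -and
                                 $result.TpmReady
    [pscustomobject]$result
}

Get-Win11FirmwareReadiness | Format-List
```

Pipe the output of the function into Export-Csv across a set of hosts to get an inventory of which machines fail on Secure Boot versus TPM, which is the split a CIO will actually have to budget for.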
Microsoft, in its defense, was quoted saying that these measures are necessary to improve the security for consumers and businesses.
In summary, Microsoft has started enforcing forced obsolescence (so much so that even their own Surface products will not support Win11). If I were a Surface customer (thankfully I am on a different platform), I’d be fuming as well. I remember going through a very painful process of justifying why an asset class at my previous employer needed to upgrade from Win7 to Win10 (which included both hardware and software upgrades). Windows 11 has just made the lives of CIOs/CTOs one notch harder and makes Microsoft even more hated. It is now a serious financial pain to remain on the Windows platform, and with alternatives such as Chromebook, *NIX and OSX, consumers and businesses may re-evaluate their choice of platform.
And now for not so savoury stuff.
Microsoft made a blog post on their tracking of Nobelium activity and hacks. For the uninitiated, Nobelium is the Microsoft name for the SolarWinds attackers. There’s something that stuck out in the blog, which I will put out here for everyone to review.
“As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers. The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign. We responded quickly, removed the access and secured the device. The investigation is ongoing, but we can confirm that our support agents are configured with the minimal set of permissions required as part of our Zero Trust “least privileged access” approach to customer information. We are notifying all impacted customers and are supporting them to ensure their accounts remain secure.”
Notice anything funny in that statement? Let’s break it down.
A customer support agent of Microsoft had malware installed on their machine. The threat actor used the information it stole to launch other attacks.
That’s the preface. Let’s dive in one more level.
Support agents are configured with a minimal set of permissions as part of Zero Trust “least privilege access”.
This raises a lot of questions.
- How did the malware install itself into the support agent’s machine if the support agent had least privilege?
- Are you saying, despite having Zero Trust, it failed? You mean Zero Trust failed?
When asking these questions, remember that you are posing them to Microsoft, the very people whose tools are used to build the OS, who sell those tools, and who provide a complete set of security capabilities that you trust to secure your environment.
It seems to me that not all details are being released. I mean, you’re talking about Microsoft, who by rights should have everything (I mean all security features) turned on, tuned and working tip-top. Including stuff like no local admins, no remote access… the works! (You get what I mean.) Not another enterprise that breaks controls for reasons only justifiable to themselves.
Not too long ago I posted this on my LinkedIn.
On one hand, I feel sorry for Microsoft. They’ve put so much effort into improving the security of their tools and platform. On the other, these marketing bits get them into a whole load of trouble.
- https://blogs.windows.com/windowsexperience/2021/06/24/introducing-windows-11/ – Introducing Windows 11
- https://www.forbes.com/sites/gordonkelly/2015/05/08/microsoft-windows-10-last-windows/ – Forbes on why Windows 10 will be the last
- https://docs.microsoft.com/en-us/windows-hardware/design/minimum/supported/windows-11-supported-intel-processors – Windows 11 processor support list