Microsoft Windows Server 2022 has AES 256 encryption and Secured-Core to protect against state-sponsored hacking and commodity malware

Microsoft Windows Server 2022 LTSC Secured-Core platform announced. Pic credit: Edgar Oliver/Pixabay

Microsoft has confirmed that Windows Server 2022 is now available in preview. Windows Insiders have been testing the operating system for some time.

Microsoft has officially named the next Long-Term Servicing Channel (LTSC) release for Windows Server OS as Windows Server 2022. The company has confirmed the new OS will have several security improvements to protect against state-sponsored hacking attempts and commodity malware.

Microsoft Windows Server 2022 LTSC release to have AES 256 encryption and other security features:

Microsoft announced that Windows Server 2022 is now in preview and “provides secured connectivity enabled by industry-standard AES 256 encryption.” It will also improve hybrid server management with performance monitoring and event alerts in Windows Admin Center.

“Furthermore, this release includes significant improvements to Windows container runtime, such as virtualized time zones and IPv6 support for globally scalable apps, as well as containerization tools for .NET, ASP.NET, and IIS applications,” added Microsoft.

One of the most notable inclusions in Windows Server 2022 is the Secured-Core platform. It is Microsoft’s answer to the growing number of firmware vulnerabilities that attackers try to exploit.

Hackers usually attempt to bypass a Windows machine’s Secure Boot. They currently have the added advantage of today’s endpoint security solutions lacking visibility at the firmware level.

Microsoft Windows Server 2022 Secured-core
Pic credit: Microsoft

Microsoft will build secured-core PCs in collaboration with OEM partners and silicon vendors. They will shield users from attacks with the following features:

  • Loading Windows securely: Enabled with Hypervisor Enforced Integrity, a Secured-core PC only starts executables signed by known and approved authorities. Also, the hypervisor sets and enforces permissions to prevent malware from modifying memory and making it executable
  • Firmware Protection: System Guard Secure Launch uses the CPU to validate the device to boot securely, preventing advanced firmware attacks
  • Identity Protection: Windows Hello allows you to sign-in without a password, Credential Guard leverages VBS to prevent identity attacks
  • Secure, hardware-isolated operating environment: Uses the Trusted Platform Module 2.0 and a modern CPU with Dynamic Root Of Trust Measurement (DRTM) to boot up your PC securely and minimize firmware vulnerabilities

Owing to these improvements, servers can better shield themselves from firmware security bugs, cyberattacks, and unauthorized access. These servers can also secure users’ identity and domain credentials more effectively, in addition to booting securely.
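
The features listed above can be confirmed on a running host rather than assumed from the hardware label. The following is an added example, not code from Microsoft or from this article: it reads the documented Win32_DeviceGuard and Win32_Tpm WMI classes and the Confirm-SecureBootUEFI cmdlet, and the function name Get-SecuredCoreStatus is a hypothetical name chosen here.

```powershell
# Added example: report which Secured-core building blocks are active on this host.
# Run from an elevated PowerShell session on the server being checked.

function Get-SecuredCoreStatus {
    [CmdletBinding()]
    param(
        # Optional: an object exposing the Win32_DeviceGuard properties used below,
        # so the logic can also be exercised against a constructed sample.
        [object]$DeviceGuard
    )

    if (-not $DeviceGuard) {
        $DeviceGuard = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName 'Win32_DeviceGuard' -ErrorAction Stop
    }

    # SecurityServicesRunning codes documented for Win32_DeviceGuard:
    # 1 = Credential Guard, 2 = HVCI (memory integrity), 3 = System Guard Secure Launch
    $running = @($DeviceGuard.SecurityServicesRunning)

    # Confirm-SecureBootUEFI throws on legacy BIOS systems; treat that as "not enabled".
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = $false }

    # Win32_Tpm.SpecVersion is a string such as "2.0, 0, 1.38".
    $tpm   = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName 'Win32_Tpm' -ErrorAction SilentlyContinue
    $tpm20 = [bool]($tpm -and ($tpm.SpecVersion -like '2.0*'))

    [pscustomobject]@{
        # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
        VbsRunning      = ($DeviceGuard.VirtualizationBasedSecurityStatus -eq 2)
        CredentialGuard = ($running -contains 1)
        Hvci            = ($running -contains 2)
        SecureLaunch    = ($running -contains 3)
        SecureBoot      = $secureBoot
        Tpm20           = $tpm20
    }
}

$status = Get-SecuredCoreStatus
$status | Format-List

# List every protection that is not currently active, so gaps are visible at a glance.
$missing = $status.PSObject.Properties | Where-Object { -not $_.Value } | ForEach-Object Name
if ($missing) { Write-Warning "Not active on this host: $($missing -join ', ')" }
```

A service that is configured but absent from SecurityServicesRunning usually means a prerequisite (firmware setting, driver compatibility, or a pending reboot) is not met, which is why the check reads the running state rather than the configured state.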

Microsoft’s Server OS and Secured-core platform jointly offer several benefits, confirms Microsoft:

Windows Server 2022 is by far one of the most secure operating systems for servers, implied Microsoft. It packs some of the industry-leading security features such as TLS 1.3, virtual containers, etc.

Microsoft has noted the preventative defense capabilities of the Windows Server 2022 LTSC:

  • Enhanced exploit protection: Hardware innovations allow for robust and performant implementations of exploit mitigations. Hardware-enforced Stack Protection will take advantage of the latest chipset security extension, Control-flow Enforcement Technology. This feature will secure Windows Server 2022 and protected applications from a common exploit technique. Hackers often use Return-Oriented Programming (ROP) to hijack the intended control flow of a program.
  • Connection security: Secure connections are at the heart of today’s interconnected systems. Transport Layer Security (TLS) 1.3 is the latest version of the internet’s most deployed security protocol. It encrypts data to provide a secure communication channel between two endpoints. TLS 1.3 eliminates obsolete cryptographic algorithms, enhances security over older versions, and aims to encrypt as much of the handshake as possible. Windows Server 2022 includes TLS 1.3 enabled by default, protecting the data of clients connecting to the server.
  • Improved account support for containers: Containers are being embraced by many customers as a preferred building block for their applications and services. Customers use group Managed Service Accounts (gMSA) as the recommended Active Directory identity solution for running a service across a server farm. Today, anyone trying to containerize their Windows services and applications that use gMSA is required to domain join their container host to enable gMSA functionality. This can cause scalability and management issues. Windows Server 2022 supports improvements to gMSA for Windows Containers that allow you to enable support for gMSA without domain joining the host.