Windows 10 Anniversary Update to include lots of security improvements

Microsoft has posted more details on how the upcoming Windows 10 Anniversary Update will include a number of security improvements for the OS. The update will be released for free to all Windows 10 users on August 2.

In a blog post, Rob Lefferts, Microsoft's Director of Program Management, Windows Enterprise and Security, goes over some of those security upgrades. One of them is that the TPM (Trusted Platform Module) 2.0 will be available for all PC OEMs to use in their hardware products:

Now with the Windows 10 Anniversary Update, Windows Hello's biometrics validation components and the user's biometric data will be moved into this environment to help further ensure this data remains secure from the most advanced threats.

The Microsoft Edge web browser will get some more security improvements for the Windows 10 Anniversary Update:

  • The use of our AppContainer sandboxing technology enables us to isolate the browser from the rest of the OS, apps and user data.
  • A new plug-in model prevents plug-ins implemented with insecure designs from running.
  • New mitigations in ASLR and Control Flow Guard harden the browser from code injection and memory corruption attacks to help defeat common exploit techniques, such as heap spraying and ROP.
  • Untrusted and malicious fonts that were served by web pages and embedded in docs are now blocked and the font parsing code has been sandboxed.

The Windows Hello biometric sign-in feature that launched with Windows 10 will also get some improvements for the Anniversary Update:

We have fully integrated Windows Hello into one seamless stack. The integrated code base in Windows Hello will support the full range of biometric authentication factors and manage user credentials used for authentication.Today, Windows Hello requires enrollment of the user's identity on each and every device they want to use. However, some organizations have requirements that prevent the enrolment of user credentials onto a PC or mobile device. Those users can now take advantage of Windows Hello Companion Devices and Apps, which enable the Windows Hello factors of authentication and the credentials themselves to be distributed across devices in nearly any possible configuration.

Enterprise users of Windows 10 will be able to access the new Windows Defender Advanced Threat Protection for the Anniversary Update:

Building on the existing security defenses Windows 10 offers today, WDATP provides a new post-breach layer of protection to the Windows 10 security stack. With a combination of client technology built into Windows 10 and a robust cloud service, it will help detect threats that have made it past other defenses, providing enterprises with information they need to investigate breaches across endpoints, and offer response recommendations.

John Callaham