This is how Windows 11 and Windows 10 21H2 combat PrintNightmare, ransomware and other threats

Microsoft has just released a new security base pack for Windows 10 21H2 in the form of the Microsoft Security Compliance Toolkit.

The toolkit provides a Microsoft-recommended security facility to help administrators better manage Group Policy Objects (GPOs), among other things, without compromising security.

Here's how Microsoft defines its Security Compliance Toolkit:

"The Microsoft Security Compliance Toolkit enables enterprise security administrators to effectively manage their enterprise's Group Policy Object (GPO). Using this toolkit administrators can compare their current GPOs with those of their business. base GPOs recommended by Microsoft or others, edit them, store them in GPO backup file formats, and apply them via domain controller, or put them directly on the server for testing their effects".

The new security facility introduces some new policy settings such as restricting printer driver installation to prevent attack cases like PrintNightmare. There is also "Tamper Protection" which helps against ransomware and other threats. Edge Legacy installation is also removed under the new security basis.

This is how Windows 11 and Windows 10 21H2 combat PrintNightmare, ransomware and other threats Picture 1This is how Windows 11 and Windows 10 21H2 combat PrintNightmare, ransomware and other threats Picture 1

Regarding the limited installation of computer drivers, Microsoft shared:

"We have added a new setting to the MS Security Guide (Administrative TemplatesPrintersLimits print driver installation to Administrators) and enforced this activation. Note that this setting was previously a custom setting in SecGuide.admx/l and has now been moved in".

When it comes to Tamper Protection, Microsoft says it can block malware that does the following:

  1. Turn off virus and threat protection
  2. Turn off real-time protection
  3. Turn off behavior tracking
  4. Turn off anti-virus software (such as IOfficeAntivirus (IOAV))
  5. Turn off cloud delivery protection
  6. Remove security information updates
  7. Turn off automatic actions for detected threats

This new security base was also released for Windows 11 when this new operating system was officially released in October. Besides the changes mentioned above, the security base of Windows 11 also has more options for Script Scanning permission.

You can download the Microsoft Security Compliance Toolkit 1.0 here.

4 ★ | 3 Vote