Microsoft Windows 11 23H2 and 22H2 Made Less Secure than 24H2 Due to VBS Feature Removal

Microsoft’s Decommissioning of VBS Enclaves: Implications for Windows Users

Microsoft has announced significant changes affecting the security of older Windows 11 versions. Specifically, the company plans to remove the Virtualization-Based Security (VBS) enclaves feature from Windows 11 builds prior to 24H2, including versions 23H2 and 22H2, and from the corresponding Windows Server versions, 2022 and earlier. This step raises concerns about the overall security strength of these operating systems.

The Announcement from Microsoft

In a recent statement, Microsoft clarified the situation regarding the support for VBS enclaves:

"VBS enclaves are being deprecated on Windows 11, version 23H2 and earlier versions of Windows. Support for VBS enclaves will continue for Windows 11, version 24H2 and later. VBS enclaves are being deprecated on Windows Server 2022 and earlier versions of Windows Server. Support for VBS enclaves will continue for Windows Server 2025 and later."

Understanding VBS Enclaves

Initially introduced in July of the previous year, VBS enclaves serve as a critical security mechanism for Windows 11. This feature leverages Virtualization-Based Security to create isolated environments, thus enhancing memory safety for applications. It does so by establishing virtual trust levels (VTLs) within a software-based Trusted Execution Environment (TEE).

Concerns Over Security Impact

The discontinuation of this feature raises questions, especially since VBS is emphasized as an essential security component by Microsoft. The reason behind removing a key aspect of this technology from older operating systems remains unspecified by the company. Furthermore, this change could potentially make these versions more vulnerable to security threats.

Microsoft’s Approach to Security Updates

Microsoft’s strategy often involves phasing out outdated security standards to enhance overall software security. Recent changes, like those made to user data collection in Microsoft Edge and the gradual elimination of ActiveX in Office applications, highlight this trend. The removal of VBS enclaves from prior Windows versions follows a similar rationale, although the intent is less clear this time.

Notable Vulnerabilities and Updates

While VBS enclaves aim to bolster security, they are not immune to vulnerabilities. In January, Microsoft addressed a local elevation of privilege (LPE) vulnerability associated with VBS enclaves, identified as CVE-2025-21370. In a move towards better memory safety, Microsoft has also begun incorporating the Rust programming language into the Windows kernel starting with the 23H2 version of Windows 11.

Recommendations for Users

For users concerned about the implications of this decision, it is advisable to review the list of deprecated features on Microsoft’s official website. Staying informed about these changes is crucial for maintaining system security.

For more detailed information and updates, please refer to the original source.
