Advanced Threat Defense
The latest Advanced Threat Defense coverage — news, analysis, and updates from the WindowsNews.AI desk.
Windows 11 Driver Signing: The Best Security Feature Is Also the Most Anti-Consumer
Windows 11's mandatory driver signing effectively blocks kernel malware and underpins modern anti-cheat, but it also locks out hobbyists, legacy hardware, and small open-source projects with costly certification barriers. The feature is both a security triumph and a consumer rights problem that demands a more inclusive path forward for trusted non-commercial development.
Microsoft Confirms: TLS 1.3 Will Keep Breaking IIS Express mTLS on Windows 11, No Permanent Fix Planned
Microsoft confirms that TLS 1.3 on Windows 11 permanently breaks IIS Express’s ability to request client certificates for mTLS, offering only workarounds like disabling TLS 1.3 or manually editing http.sys bindings. No transparent fix is planned for the developer server, though full IIS now provides a client-cert negotiation option. Developers must adopt temporary, often security-compromising workarounds while ecosystem support for TLS 1.3 post-handshake authentication remains weak.
Windows 11 August Update: Microsoft and Phison Deny SSD Bricking, But Narrow Edge Case Persists
Microsoft and Phison have denied a widespread SSD bricking problem linked to the Windows 11 KB5063878 update, citing extensive telemetry and lab testing. However, a narrowly reproducible edge case involving sustained large writes on partially filled NVMe drives persists, warranting caution and robust backup practices.
Microsoft enforces Azure MFA by October 2025 as Meta patches zero-click WhatsApp flaw CVE-2025-55177, making identity the new enterprise perimeter.
Meta patches a zero-click WhatsApp vulnerability (CVE-2025-55177) while Microsoft mandates MFA for Azure write operations starting October 2025. The two moves underline that identity is the new enterprise perimeter and shadow IT, automation migration, and phishing-resistant authentication must be immediate priorities.
Windows 11 25H2 Lands as a Stability-First Enablement Update, Drops PowerShell 2.0 and WMIC
Windows 11 version 25H2 arrives as a compact enablement package that shares a codebase with 24H2, delivering no splashy consumer features but bringing significant security and management changes. Key moves include removing PowerShell 2.0 and WMIC, adding new admin controls to trim preinstalled Store apps, and prioritizing stability to rebuild enterprise confidence. IT pros must now inventory and remediate legacy scripts before the upgrade, while consumers can expect a quiet, low-friction update.
Windows 11 Slips Below 50% in August as Microsoft’s ESU Option Gives Users a Pause Button
Windows 11 slipped to 49.02% market share in August 2025 according to Statcounter, while Windows 10 rebounded to 45.65%. The dip coincides with Microsoft's consumer ESU program, which lets users stay on Windows 10 for $30 or free via OneDrive sync, reducing upgrade urgency. Rollbacks, business testing, and statistical noise also contributed.
WPAD Service Disabled? Windows 11 24H2 Will Break Your Corporate Network
Windows 11 24H2 silently disables network adapters when the WPAD (WinHttpAutoProxySvc) service is turned off—a common security hardening move. Microsoft has issued partial fixes but indicated a full revert is unlikely, forcing IT teams to re-enable WPAD (with security risks) or surgically remove the new WcmSvc dependency.
Windows Defender’s Linux ISO False-Positive Epidemic: How to Separate Alarms from Real Danger
Windows Defender and other antivirus programs frequently flag Linux ISO downloads as malicious, especially security distributions like Kali Linux. These alerts are overwhelmingly false positives caused by aggressive container scanning, pentesting tools that mimic malware, and signature collisions. A calm, methodical verification process—checking SHA256 hashes, GPG signatures, and using narrow file exclusions—lets users safely dismiss most warnings while preserving system protection.
Microsoft Delivers Windows 11 25H2 as a Tiny Enablement Package, Retires PowerShell 2.0 and WMIC
Microsoft has released Windows 11 version 25H2 (build 26200.5074) to the Release Preview channel as an enablement package that activates features already present in 24H2 systems. The update removes legacy PowerShell 2.0 and WMIC, introduces a policy to strip default Store apps from Enterprise and Education editions, and shares a servicing branch with 24H2, resetting support timelines. IT teams should immediately audit scripts and validate vendor tools ahead of the broad rollout.
Windows 10 Gains a One-Year Reprieve—But Only If You Activate OneDrive Backup by October 14
Microsoft ends free security updates for Windows 10 on October 14, 2025, but a one-year Extended Security Updates (ESU) program is available. The easiest path to qualify is to enable Windows Backup, syncing your PC to OneDrive and signing in with a Microsoft account before the deadline. This article details all enrollment routes, the risks of inaction, and a step-by-step guide to securing your system.
SMB Signing Defaults, AES-256 Encryption Arrive as Microsoft Retires CIFS
Microsoft now enforces SMB signing by default in Windows Server 2025 and Windows 11 24H2, effectively blocking the obsolete and insecure CIFS/SMBv1 protocol. Modern SMB 3.1.1 offers AES-256 encryption, preauthentication integrity, multichannel performance, and SMB over QUIC, but admins must navigate naming confusion, cross-platform quirks, and careful migration steps to fully eliminate CIFS from enterprise networks.
Trend Micro WFBS Blamed for Daily RDP Blackouts on Windows Server—Mitigation Steps and Fix Emerge
A scheduled daily blackout of Remote Desktop sessions on Windows Server has been traced to Trend Micro Worry-Free Business Security. Behavior monitoring, synchronized scans, and Defender conflicts are the likely triggers. Administrators can apply exclusions for core RDP components, reschedule agent tasks, and manage Defender coexistence to mitigate the issue, while a vendor fix (version 6.7.4065/14.3.1342) has been reported and warrants testing.
Microsoft Secure Boot Certs Expire June 2026 — Act Now on Windows 10 ESU
Microsoft’s Secure Boot certificates will expire in June 2026, adding pressure on Windows 10 users to enroll in the Extended Security Updates (ESU) program before the October 14, 2025 deadline. The article details enrollment steps, free and paid paths, common issues, and long-term migration strategies.