Windows 11: Registry Keys, SMB Protocol, and SystemInfo

5 years ago Andrew Swoboda

Windows 11 was released on October 5, 2021. It has several new installation requirements including, most notably, Secure Boot and a Trusted Platform Module. These features can provide a more secure computing environment, but if you need to virtualize a Windows 11 environment, you will need virtualization software that supports both.

Although I would normally install a new Windows OS in ESX, I installed Windows 11 using VMware Workstation, which has support for Secure Boot and a TPM. Windows 11 installed without an issue, and after booting, the most notable change was the GUI, which is not terrible. However, it was the items that did not change that caught my eye. These items have been known to change with newer versions of Windows. VERT uses some of these indicators to accurately detect the versions of Windows. With these indicators not being updated, VERT will need to find additional methods to accurately detect the operating system.

Registry Keys

There was only one registry entry in HKLM that contained the string “Windows 11.” Microsoft usually updates the registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion with the version of Windows. However, with Windows 11, you can see that the following values have been updated: CurrentBuild, CurrentBuildNumber, and UBR. The CurrentBuild (22000) and UBR (194) form the build version for Windows 11 (https://docs.microsoft.com/en-us/windows/release-health/windows11-release-information). However, the ProductName value still calls this operating system “Windows 10.”

[Screenshots: Windows 11; Windows 10; Windows 10]
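The registry observation above can be turned into a version check that trusts the build number over ProductName. The following is an added example, not code from the original post or from VERT; the `reg query` samples are constructed, and the 22000 threshold and the function names are assumptions made for illustration.

```python
import re

# Constructed `reg query` output for the CurrentVersion key. The first sample
# uses the Windows 11 build (22000) and UBR (194 = 0xc2) quoted in the article;
# the edition string and the Windows 10 21H1 (build 19043) UBR are made up.
SAMPLE_WIN11 = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
    CurrentBuild    REG_SZ    22000
    CurrentBuildNumber    REG_SZ    22000
    ProductName    REG_SZ    Windows 10 Pro
    UBR    REG_DWORD    0xc2
"""
SAMPLE_WIN10 = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
    CurrentBuild    REG_SZ    19043
    CurrentBuildNumber    REG_SZ    19043
    ProductName    REG_SZ    Windows 10 Pro
    UBR    REG_DWORD    0x4e4
"""

VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*?)\s*$")
WIN11_FIRST_BUILD = 22000  # assumption: lowest Windows 11 client build


def parse_reg_query(text):
    """Return {value name: data}; REG_DWORD data (printed as hex) becomes int."""
    values = {}
    for line in text.splitlines():
        match = VALUE_RE.match(line)
        if match:
            name, kind, data = match.groups()
            values[name] = int(data, 16) if kind == "REG_DWORD" else data
    return values


def classify(values):
    """Name the OS from the build number, flagging a stale ProductName."""
    product = values.get("ProductName", "")
    build = int(values["CurrentBuild"])
    # Only client SKUs that still say "Windows 10" are re-labelled; server
    # product names are left untouched.
    stale = product.startswith("Windows 10") and build >= WIN11_FIRST_BUILD
    detected = product.replace("Windows 10", "Windows 11", 1) if stale else product
    return {"reported": product, "detected": detected,
            "build": f"{build}.{values.get('UBR', 0)}", "stale_name": stale}


if __name__ == "__main__":
    for sample in (SAMPLE_WIN11, SAMPLE_WIN10):
        print(classify(parse_reg_query(sample)))
```

The `stale_name` flag is the useful signal for an asset inventory: it marks hosts where a scanner that reads only ProductName would record the wrong operating system.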

The SMB Protocol

The SMB protocol on Windows 11 advertises that the environment is running Windows 10. This could fool people into believing that this operating system is Windows 10 with the build version of 22000. However, Windows 10 does not currently have a build with a version of 22000 (https://docs.microsoft.com/en-us/windows/release-health/release-information, https://docs.microsoft.com/en-us/windows-server/get-started/windows-server-release-info).

[Screenshots: Windows 11 – Direct SMB; Windows 10 version 21H1 – Direct SMB]

SystemInfo

Systeminfo provides the correct operating system name, but it looks like the OS version is using 10 and not 11.

[Screenshots: 11 Enterprise; 11 Pro; Windows 10 Enterprise]

Windows 11 seems to have remnants of Windows 10 left behind in the registry and SMB. This does not seem like a mistake because Windows 11 feels more like a feature update for Windows 10. The only difference with this update is that Windows 11 forces users to use Secure Boot and to have a compatible TPM. Any system that does not support these requirements will be left to use Windows 10 or an alternative operating system.

The post “Windows 11: Registry Keys, SMB Protocol, and SystemInfo” appeared first on TripWire.

Source: TripWire – Andrew Swoboda
