Windows 11: Registry Keys, SMB Protocol, and SystemInfo

4 years ago Andrew Swoboda

Windows 11 was released on October 5, 2021. It has several new installation requirements including, most notably, Secure Boot and a Trusted Platform Module. These features can provide a more secure computing environment, but if you need to virtualize a Windows 11 environment, you will need virtualization software that supports this.

Although I would normally install a new Windows OS in ESX, I installed Windows 11 using VMware Workstation, which has support for Secure Boot and a TPM. Windows 11 installed without an issue, and after booting, the most notable change was the GUI, which is not terrible. However, it was the items that did not change that caught my eye. These items have been known to change with newer versions of Windows. VERT uses some of these indicators to accurately detect the versions of Windows. With these indicators not being updated, VERT will need to find additional methods to accurately detect the operating system.

Registry Keys

There was only one registry key in HKLM that contained the string “Windows 11.” Microsoft usually updates the registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion with the version of Windows. However, with Windows 11, you can see that the following values have been updated: CurrentBuild, CurrentBuildNumber, and UBR. The CurrentBuild (22000) and UBR (194) form the build version for Windows 11 (https://docs.microsoft.com/en-us/windows/release-health/windows11-release-information). However, the ProductName value still calls this operating system “Windows 10.”

[Screenshots: Windows 11; Windows 10; Windows 10]

The SMB Protocol

The SMB protocol on Windows 11 advertises that the environment is running Windows 10. This could fool people into believing that this operating system is Windows 10 with the build version of 22000. However, Windows 10 does not currently have a build with a version of 22000 (https://docs.microsoft.com/en-us/windows/release-health/release-information, https://docs.microsoft.com/en-us/windows-server/get-started/windows-server-release-info).

[Screenshots: Windows 11 – Direct SMB; Windows 10 version 21H1 – Direct SMB]
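The registry and SMB observations above point to the same detection rule: when the advertised name says "Windows 10" but the build is 22000 or higher, trust the build. The following is an added example, not code from the original post or from VERT; the names `classify_windows`, `WIN11_FIRST_BUILD` and `SAMPLES` are hypothetical, the sample values are constructed, and treating 22000 as the lowest Windows 11 build is an assumption based on the build number quoted in the article.

```python
"""Added example: resolve the Windows release from CurrentVersion registry values."""

# Assumption: 22000 (the build quoted in the article) is the lowest Windows 11 build.
WIN11_FIRST_BUILD = 22000


def classify_windows(values):
    """Return (display_name, full_build) from CurrentVersion registry values.

    `values` maps value names (ProductName, CurrentBuild, CurrentBuildNumber,
    UBR) to their data, as read from
    HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion.
    """
    product = str(values.get("ProductName", "")).strip()
    raw_build = values.get("CurrentBuild") or values.get("CurrentBuildNumber")
    try:
        build = int(raw_build)
    except (TypeError, ValueError):
        # No usable build number: ProductName cannot be verified, so the
        # full build is reported as None and the name is returned unchanged.
        return (product or "Unknown", None)

    ubr = values.get("UBR")
    full_build = f"{build}.{int(ubr)}" if ubr is not None else str(build)

    if build >= WIN11_FIRST_BUILD and "Windows 10" in product:
        # ProductName is stale on Windows 11: trust the build, keep the edition.
        product = product.replace("Windows 10", "Windows 11", 1)
    return (product, full_build)


# Constructed sample inputs (not captured from real hosts).
SAMPLES = {
    "win11": {"ProductName": "Windows 10 Pro", "CurrentBuild": "22000", "UBR": 194},
    "win10": {"ProductName": "Windows 10 Enterprise", "CurrentBuild": "19043", "UBR": 1288},
    "partial": {"ProductName": "Windows 10 Pro"},
}

if __name__ == "__main__":
    for label, vals in SAMPLES.items():
        print(label, classify_windows(vals))
```
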

SystemInfo

Systeminfo provides the correct operating system name, but it looks like the OS version is using 10 and not 11.

[Screenshots: 11 Enterprise; 11 Pro; Windows 10 Enterprise]

Windows 11 seems to have remnants of Windows 10 left behind in the registry and SMB. This does not seem like a mistake because Windows 11 feels more like a feature update for Windows 10. The only difference with this update is that Windows 11 forces users to use Secure Boot and to have a compatible TPM. Any system that does not support these requirements will be left to use Windows 10 or an alternative operating system.

The post “Windows 11: Registry Keys, SMB Protocol, and SystemInfo” appeared first on TripWire.

Source: TripWire – Andrew Swoboda
