Microsoft Introduces Windows Baseline Security Mode and App Permission Prompts in Windows 11
Microsoft detailed two Windows security initiatives—Windows Baseline Security Mode and User Transparency and Consent—aimed at making Windows 11 behave more like mobile platforms in how it gates access to sensitive resources. Under User Transparency and Consent, Windows will prompt users when applications request access to protected data and device features (e.g., files, camera, microphone) and when installers attempt to add additional software; decisions will be recorded so users can review and change permissions later, including revoking previously granted access.
Windows Baseline Security Mode is intended to enable runtime integrity safeguards by default, allowing only properly signed applications, services, and drivers to run while still permitting user/IT-admin exceptions for operational needs. Microsoft positioned the changes under its Secure Future Initiative and aligned them with the Windows Resiliency Initiative, noting a phased rollout in partnership with developers and enterprises and building on prior controls such as Smart App Control and administrator protection.
Related Entities
Organizations
Sources
Related Stories
OS Privacy and Security Changes in Android 17 Beta and Windows 11 Insider Builds
Google released the second beta of **Android 17** with new privacy-focused platform behaviors and APIs aimed at reducing unnecessary access to sensitive data. Changes include a system-level **Contacts Picker** that grants apps only temporary access to user-selected contacts (including across personal/work profiles), a new `ACCESS_LOCAL_NETWORK` runtime permission to control discovery/connection to LAN devices (with an alternative path via system-mediated device pickers), and expanded safeguards for SMS one-time passwords by delaying most apps’ programmatic access to OTP messages for three hours (with exemptions for default SMS and approved companion apps, and guidance to use SMS Retriever/SMS User Consent APIs). Microsoft is testing **Windows 11** security and performance improvements for batch/CMD script execution in Insider Preview builds by adding an optional “secure processing mode” that prevents batch files from being modified while running. Administrators can enable it via the `LockBatchFilesInUse` registry value under `HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor` or via the `LockBatchFilesWhenInUse` application manifest control, reducing repeated signature validation when code integrity is enabled. Separately, commentary on **Windows telemetry** reiterates that Microsoft collects diagnostic data and suggests users can inspect telemetry themselves, but it does not describe a specific new security incident or vulnerability disclosure.
2 weeks ago
Windows 11 25H2/24H2 Preview Updates Add AI Features and Flag Secure Boot Certificate Expiration
Microsoft began rolling out **Windows 11 preview updates** for versions **25H2 and 24H2** (including the optional non-security preview update `KB5074105` and Release Preview builds `26200.7701`/`26100.7701`) focused on functionality, performance, and reliability improvements rather than patching new security vulnerabilities. The updates emphasize expanded **AI-driven experiences** (including refinements to Copilot+ PC-related models and more natural-language assistance within Settings), along with usability changes and a simplified Windows update title format intended to reduce administrative friction in tools like **WSUS** and **Microsoft Configuration Manager**. Alongside these feature updates, Microsoft highlighted an operational security risk: **Windows Secure Boot certificates** used by most Windows devices are expected to begin expiring in **June 2026**, and organizations that do not update Certificate Authority (CA) material in time may face devices that cannot boot securely. Separately, consumer guidance circulated on bypassing Windows 11 hardware eligibility checks (notably **TPM 2.0** requirements) to upgrade “unsupported” PCs; while this may extend device usability after Windows 10 support ended, it can also undermine Microsoft’s intended security baseline and increase enterprise risk if adopted outside controlled policy.
1 months ago
Windows 11 KB5074105 Preview Update Fixes Sign-in UI Bug and Adds UAC Gate for Storage Settings
Microsoft released the Windows 11 optional preview cumulative update **KB5074105** (for **Windows 11 24H2 and 25H2**) with multiple fixes and changes, including resolving a known issue where the **password sign-in option/icon could disappear** from lock screen sign-in options after installing updates dating back to the August 2025 preview update line. Affected users could still authenticate by hovering over the blank area where the password option should appear to reveal the hidden button; Microsoft reports the issue is addressed in KB5074105. The same KB5074105 preview update also introduces a local hardening change to reduce unauthorized interaction with sensitive system information by adding a **mandatory User Account Control (UAC) prompt** when accessing **Settings > System > Storage**. This change is intended to prevent non-admin users (or threat actors with local/remote access to a non-admin session) from viewing or manipulating detailed storage and temporary-file/system-file information without administrative approval, and is being rolled out as an optional “C-release” preview ahead of broader deployment.
1 months ago