This article is more than 1 year old
The only Windows 10 updates for the year are coming. Spoiler alert: It's just security
What did you expect, HoloLens-ready Minesweeper and new skins for Calculator?
Microsoft is rolling out the only feature updates this year for Windows 10, with the IT giant describing it as a "scoped and streamlined" effort with a strong focus on security.
The Windows 10 version 22H2 updates – the 13th feature update of the venerable operating system – came the same day Microsoft announced the availability of new features for Windows 11 that were outlined when version 22H2 of the OS was unveiled last month.
Expect continued support for Windows 10 through 2025 – see the timeline here – but also plan on the limited scope of those fresh features with security as the driving theme. Microsoft will keep ensuring that users can continue to use the OS safely, but don't expect a ton of effort into splashy bells and whistles.
"Based on customer feedback we are providing a limited scope of new features and functionality delivered via a familiar, fast and reliable update experience," John Cable, vice president of program management for Windows servicing and delivery, wrote in a blog post yesterday.
"Version 22H2 will continue the recent Windows 10 feature update trend of being delivered in an optimized way using servicing technology.
"Windows 10, version 22H2 is a scoped release focused on quality improvements to the overall Windows experience in existing feature areas such as quality, productivity and security."
Beyond these broad sweeps, there wasn't much in the way of technical specifics about the features. The deepest sense of what's ahead came from Rick Munck, cloud solution architect in security for Microsoft, the security changes made in Windows 10 are aimed at bulking up protections around driver security, credential theft, printers, and account lockout.
For one thing, Microsoft is enabling Local Security Authority (LSA) – a feature first introduced with Windows 8.1 and is used to validate users when signing in locally or remotely and to enforce local security policies. This will now be run as a protected process, which will strengthen defenses against credential theft, Munck outlined.
- It's Patch Tuesday and still no fix for ProxyNotShell Microsoft Exchange holes
- PC shipments fall at fastest rate ever as businesses slam wallets shut
- Microsoft warns: Windows 11 update breaks provisioning
- Upcoming Outlook for Windows app opens to more testers
To reduce an enterprise's attack surface, there will now be a rule blocking the abuse of vulnerable signed drivers from being exploited as a standard part of Microsoft Defender Antivirus Group Policy. This is expected to apply "across both client and server and helps prevent an application from writing a vulnerable signed driver to disk," the cloud architect said.
An added policy will allow admins to lock out an account to thwart brute-force authentication attempts. Further, the 22H2 also corrected a mismatch between what the security baseline documentation said and the accompanying settings for Group Policy for Microsoft Defender Antivirus.
Printer security was a focus, including adding support for RedirectionGuard – which prevents the use of redirection primitives that were not created by an administrator from being followed – to the print service and enabling the CopyFilesPolicy for managing the processing of queue-specific files with the option of limiting such files to color profiles.
In addition, the ability to allow only administrators to install print drivers is contained within the OS.
Systems running Windows 10 versions 21H1, 21H2, and 20H2 – which share the same core system files with 22H2 – will get the update as an enablement package, but as an optional update it won't install automatically. Instead, the onus is on the enterprise or user to install it manually via Windows Update.
Those systems running older versions of Windows 10 will first get the May 2021 update before they can install this year's update.
Enterprise and Education users of version 22H2 will get 30 months of servicing, while Home and Pro users will get 18 months.
With Windows 11 version 22H2, this week expect to see Tabs for File Explorer to more easily organize files and switch between them and Suggested Actions in Windows. For example, the OS can highlight phone numbers or future dates in text, making them easy to click on and to call with Phone Link, Teams, or Skype, according to Shilpa Ranganathan, corporate vice president for Windows.
In addition, users will be able to pin more apps to the taskbar than there is space and enabling all the overflow apps to be viewed in one space, and when right-clicking the taskbar, they will have the option to move directly into Task Manager.
Also this week, Microsoft issued out-of-band (OOB) updates to fix a connection issue between Secure Sockets Layer (SSL) and Transport Layer Security (TLS) in a number of versions of Windows.
"For developers, the affected connections are likely to receive one or more records followed by a partial record with a size of less than 5 bytes within a single input buffer," Microsoft wrote in a support note. "If the connection fails, your app will receive the error, 'SEC_E_ILLEGAL_MESSAGE'."
The KB5020387 (OS Build 22000.1100) update addresses Windows 11 systems, while KB5020435 (OS Builds 19042.2132, 19043.2132, and 19044.2132) applies to Windows 10 versions 20H2, 21H1, 21H2, 22H1, and 22H2.
Microsoft rarely issues OOB patches, which are released outside of normal in-sequence updates or Patch Tuesday rollouts. ®