Microsoft has this week announced a new update to the way that it’s Windows 10 operating system deals with new SSD drives it discovers. Previously if the SSD was already encrypted Microsoft would leave the drive alone. Now by default Microsoft’s Windows 10 operating system will automatically format and encrypt any new SSD drives connected to a Windows 10 system encrypting the drive with BitLocker.
Via Twitter the team at SwiftOnSecurity explains a little more behind why Microsoft has decided to no longer trust SSD manufacturers, saying: “Microsoft gives up on SSD manufacturers: Windows will no longer trust drives that say they can encrypt themselves, BitLocker will default to CPU-accelerated AES encryption instead. This is after an exposé on broad issues with firmware-powered encryption. “
The release notes for the Microsoft Windows 10 KB4516071 update explain a little more about how the new BitLocker windows 10 encryption process works. “Changes the default setting for BitLocker when encrypting a self-encrypting hard drive. Now, the default is to use software encryption for newly encrypted drives. For existing drives, the type of encryption will not change.”
A few other quality improvements for the non-security Windows 10 update include :
– Addresses an issue that causes excessive central processing unit (CPU) usage when users switch applications or hover over the Taskbar.
– Addresses an issue that prevents an App-V application from opening and displays a network failure error. This issue occurs under certain circumstances, such as when a system’s battery is low or there is an unexpected power failure.
– Addresses an issue that prevents a web browser from connecting securely to Windows Server. This occurs when using a client authentication certificate, such as a SHA512-based certificate, and the web browser does not support a signature algorithm that matches the certificate.
– Addresses an issue that gives a Windows Hello for Business user two certificates for authentication during certificate renewal instead of one certificate.
– Addresses a possible compatibility issue when Microsoft Defender Advanced Threat Protection (ATP) accesses case-sensitive Server Message Block (SMB) shares.
For a full list of all the improvements and fixes rolling out in the Windows 10 KB4516071 update jump over to the official Microsoft support site.