Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Operating Systems
Windows 11
Announcing Windows 11 Insider Preview builds [Mega-Thread]
Message
<blockquote data-quote="Bot" data-source="post: 1042869" data-attributes="member: 52014"><p>Hello Windows Insiders, today we are releasing <strong>Windows 11 Insider Preview Build 25381 </strong>to the Canary Channel. <strong>REMINDER: As builds released to the Canary Channel are “hot off the presses,” we will offer limited documentation for builds flighted to the Canary Channel (no known issues for example), but we will not publish a blog post for every flight – only when new features are available in a build. And like the </strong><a href="https://blogs.windows.com/windows-insider/2023/05/25/announcing-windows-11-insider-preview-build-25375/" target="_blank"><strong>previous Canary Channel build</strong></a><strong>, this build has a few new features and changes to document. </strong></p><h2><strong>What’s new in Build 25381</strong></h2><h3><strong>SMB signing requirement changes</strong></h3><p>Beginning with Windows 11 Insider Preview Build 25381 Enterprise editions, SMB signing is now required by default for all connections. This changes legacy behavior, where Windows 10 and 11 required SMB signing by default only when connecting to shares named <a href="https://techcommunity.microsoft.com/t5/itops-talk-blog/how-to-defend-users-from-interception-attacks-via-smb-client/ba-p/1494995" target="_blank">SYSVOL and NETLOGON</a> and where Active Directory <a href="https://learn.microsoft.com/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always" target="_blank">domain controllers</a> required SMB signing when any client connected to them. This is part of a campaign to improve the security of Windows and Windows Server for the modern landscape. All versions of Windows and Windows Server support SMB signing. But a third-party might disable or not support it. If you attempt to connect to a remote share on a third-party SMB server that that does not allow SMB signing, you may receive the one of following error messages:</p><ul> <li data-xf-list-type="ul">0xc000a000</li> <li data-xf-list-type="ul">-1073700864</li> <li data-xf-list-type="ul">STATUS_INVALID_SIGNATURE</li> <li data-xf-list-type="ul">The cryptographic signature is invalid.</li> </ul><p>To resolve this issue, configure your third-party SMB server to support SMB signing. This is Microsoft's official recommended guidance. Do not disable SMB signing in Windows or use SMB1 to work around this behavior (SMB1 supports signing but does not enforce it). An SMB device that does not support signing allows interception and relay attacks from malicious parties. SMB signing can reduce the performance of SMB copy operations. You can mitigate this with more physical CPU cores or virtual CPUs as well as newer, faster CPUs. To see the current SMB signing settings, run the following PowerShell commands: </p><p>Get-SmbServerConfiguration | fl requiresecuritysignature</p><p></p><p>Get-SmbClientConfiguration | fl requiresecuritysignature</p><p>To disable the requirement for SMB signing in client (outbound to other device) connections, run the following PowerShell command as an elevated administrator: </p><p>Set-SmbClientConfiguration -RequireSecuritySignature $false</p><p>To disable the requirement for SMB signing in server (on Windows 11 Insider Preview Build 25381 and higher with Enterprise edition devices), run the following PowerShell command as an elevated administrator: Set-SmbServerConfiguration -RequireSecuritySignature $false No reboot is required but existing SMB connections will still use signing until they are closed. For more information on this change, visit <a href="https://aka.ms/SMBSigningOBD" target="_blank">SMB signing required by default in Windows Insider</a>.</p><h2><strong>Changes and Improvements</strong></h2><h3><strong>[General]</strong></h3> <ul> <li data-xf-list-type="ul">If a camera streaming issue is detected such as a camera failing to start or a closed camera shutter, a pop-up dialog will appear with the recommendation to launch the automated Get Help troubleshooter to resolve the issue.</li> </ul><h2><strong>For developers</strong></h2><p>You can download the latest Windows Insider SDK at <a href="https://aka.ms/windowsinsidersdk" target="_blank">aka.ms/windowsinsidersdk</a>. SDK NuGet packages are now also flighting at <a href="https://www.nuget.org/profiles/WindowsSDK" target="_blank">NuGet Gallery | WindowsSDK</a> which include:</p><ul> <li data-xf-list-type="ul"><a href="https://www.nuget.org/packages/Microsoft.Windows.SDK.NET.Ref/" target="_blank">.NET TFM packages</a> for use in .NET apps as described at <a href="https://aka.ms/windowsinsidersdk" target="_blank">aka.ms/windowsinsidersdk</a></li> <li data-xf-list-type="ul"><a href="https://www.nuget.org/packages/Microsoft.Windows.SDK.CPP/" target="_blank">C++ packages</a> for Win32 headers and libs per architecture</li> <li data-xf-list-type="ul"><a href="https://www.nuget.org/packages/Microsoft.Windows.SDK.BuildTools/" target="_blank">BuildTools package</a> when you just need tools like MakeAppx.exe, MakePri.exe, and SignTool.exe</li> </ul><p>These NuGet packages provide more granular access to the SDK and better integration in CI/CD pipelines. <strong>SDK flights are now published for both the Canary and Dev Channels, so be sure to choose the right version for your Insider Channel.</strong> Remember to use <a href="https://learn.microsoft.com/windows/uwp/debug-test-perf/version-adaptive-apps" target="_blank">adaptive code </a>when targeting new APIs to make sure your app runs on all customer machines, particularly when building against the Dev Channel SDK. <a href="https://learn.microsoft.com/uwp/api/windows.foundation.metadata.apiinformation?view=winrt-22621" target="_blank">Feature detection</a> is recommended over OS version checks, as OS version checks are unreliable and will not work as expected in all cases.</p><h2><strong>About the Canary Channel</strong></h2><p>The Canary Channel is the place to preview platform changes that require longer-lead time before getting released to customers. Some examples of this include major changes to the Windows kernel, new APIs, etc. Builds that we release to the Canary Channel should not be seen as matched to any specific release of Windows and some of the changes we try out in the Canary Channel will never ship, and others could show up in future Windows releases <strong>when they’re ready</strong>. <strong>The builds that will be flighted to the Canary Channel are “hot off the presses,” flighting very soon after they are built, which means very little validation and documentation will be done before they are offered to Insiders.</strong> These builds could include major issues that could result in not being able to use your PC correctly or even in some rare cases require you to reinstall Windows. We will offer limited documentation for the Canary Channel, but we will not publish a blog post for every flight – only when new features are available in a build. Our Canary Channel won’t receive daily builds; however, we may ramp up releasing builds more frequently in the future. <strong>The desktop watermark you see at the lower right corner of your desktop is normal for these pre-release builds.</strong></p><h2><strong>Important Insider Links</strong></h2> <ul> <li data-xf-list-type="ul">You can <a href="https://aka.ms/wip-docs" target="_blank"><strong>check out our Windows Insider Program documentation here</strong></a>.</li> <li data-xf-list-type="ul">Check out <a href="https://aka.ms/flighthub" target="_blank"><strong>Flight Hub</strong></a> for a complete look at what build is in which Insider channel.</li> </ul><p>Thanks, Amanda & Brandon</p><p></p><p>Source: <a href="https://blogs.windows.com/windows-insider/2023/06/02/announcing-windows-11-insider-preview-build-25381/" target="_blank">Announcing Windows 11 Insider Preview Build 25381</a></p></blockquote><p></p>
[QUOTE="Bot, post: 1042869, member: 52014"] Hello Windows Insiders, today we are releasing [B]Windows 11 Insider Preview Build 25381 [/B]to the Canary Channel. [B]REMINDER: As builds released to the Canary Channel are “hot off the presses,” we will offer limited documentation for builds flighted to the Canary Channel (no known issues for example), but we will not publish a blog post for every flight – only when new features are available in a build. And like the [/B][URL='https://blogs.windows.com/windows-insider/2023/05/25/announcing-windows-11-insider-preview-build-25375/'][B]previous Canary Channel build[/B][/URL][B], this build has a few new features and changes to document. [/B] [HEADING=1][B]What’s new in Build 25381[/B][/HEADING] [HEADING=2][B]SMB signing requirement changes[/B][/HEADING] Beginning with Windows 11 Insider Preview Build 25381 Enterprise editions, SMB signing is now required by default for all connections. This changes legacy behavior, where Windows 10 and 11 required SMB signing by default only when connecting to shares named [URL='https://techcommunity.microsoft.com/t5/itops-talk-blog/how-to-defend-users-from-interception-attacks-via-smb-client/ba-p/1494995']SYSVOL and NETLOGON[/URL] and where Active Directory [URL='https://learn.microsoft.com/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always']domain controllers[/URL] required SMB signing when any client connected to them. This is part of a campaign to improve the security of Windows and Windows Server for the modern landscape. All versions of Windows and Windows Server support SMB signing. But a third-party might disable or not support it. If you attempt to connect to a remote share on a third-party SMB server that that does not allow SMB signing, you may receive the one of following error messages: [LIST] [*]0xc000a000 [*]-1073700864 [*]STATUS_INVALID_SIGNATURE [*]The cryptographic signature is invalid. [/LIST] To resolve this issue, configure your third-party SMB server to support SMB signing. This is Microsoft's official recommended guidance. Do not disable SMB signing in Windows or use SMB1 to work around this behavior (SMB1 supports signing but does not enforce it). An SMB device that does not support signing allows interception and relay attacks from malicious parties. SMB signing can reduce the performance of SMB copy operations. You can mitigate this with more physical CPU cores or virtual CPUs as well as newer, faster CPUs. To see the current SMB signing settings, run the following PowerShell commands: Get-SmbServerConfiguration | fl requiresecuritysignature Get-SmbClientConfiguration | fl requiresecuritysignature To disable the requirement for SMB signing in client (outbound to other device) connections, run the following PowerShell command as an elevated administrator: Set-SmbClientConfiguration -RequireSecuritySignature $false To disable the requirement for SMB signing in server (on Windows 11 Insider Preview Build 25381 and higher with Enterprise edition devices), run the following PowerShell command as an elevated administrator: Set-SmbServerConfiguration -RequireSecuritySignature $false No reboot is required but existing SMB connections will still use signing until they are closed. For more information on this change, visit [URL="https://aka.ms/SMBSigningOBD"]SMB signing required by default in Windows Insider[/URL]. [HEADING=1][B]Changes and Improvements[/B][/HEADING] [HEADING=2][B][General][/B][/HEADING] [LIST] [*]If a camera streaming issue is detected such as a camera failing to start or a closed camera shutter, a pop-up dialog will appear with the recommendation to launch the automated Get Help troubleshooter to resolve the issue. [/LIST] [HEADING=1][B]For developers[/B][/HEADING] You can download the latest Windows Insider SDK at [URL='https://aka.ms/windowsinsidersdk']aka.ms/windowsinsidersdk[/URL]. SDK NuGet packages are now also flighting at [URL='https://www.nuget.org/profiles/WindowsSDK']NuGet Gallery | WindowsSDK[/URL] which include: [LIST] [*][URL='https://www.nuget.org/packages/Microsoft.Windows.SDK.NET.Ref/'].NET TFM packages[/URL] for use in .NET apps as described at [URL='https://aka.ms/windowsinsidersdk']aka.ms/windowsinsidersdk[/URL] [*][URL='https://www.nuget.org/packages/Microsoft.Windows.SDK.CPP/']C++ packages[/URL] for Win32 headers and libs per architecture [*][URL='https://www.nuget.org/packages/Microsoft.Windows.SDK.BuildTools/']BuildTools package[/URL] when you just need tools like MakeAppx.exe, MakePri.exe, and SignTool.exe [/LIST] These NuGet packages provide more granular access to the SDK and better integration in CI/CD pipelines. [B]SDK flights are now published for both the Canary and Dev Channels, so be sure to choose the right version for your Insider Channel.[/B] Remember to use [URL='https://learn.microsoft.com/windows/uwp/debug-test-perf/version-adaptive-apps']adaptive code [/URL]when targeting new APIs to make sure your app runs on all customer machines, particularly when building against the Dev Channel SDK. [URL='https://learn.microsoft.com/uwp/api/windows.foundation.metadata.apiinformation?view=winrt-22621']Feature detection[/URL] is recommended over OS version checks, as OS version checks are unreliable and will not work as expected in all cases. [HEADING=1][B]About the Canary Channel[/B][/HEADING] The Canary Channel is the place to preview platform changes that require longer-lead time before getting released to customers. Some examples of this include major changes to the Windows kernel, new APIs, etc. Builds that we release to the Canary Channel should not be seen as matched to any specific release of Windows and some of the changes we try out in the Canary Channel will never ship, and others could show up in future Windows releases [B]when they’re ready[/B]. [B]The builds that will be flighted to the Canary Channel are “hot off the presses,” flighting very soon after they are built, which means very little validation and documentation will be done before they are offered to Insiders.[/B] These builds could include major issues that could result in not being able to use your PC correctly or even in some rare cases require you to reinstall Windows. We will offer limited documentation for the Canary Channel, but we will not publish a blog post for every flight – only when new features are available in a build. Our Canary Channel won’t receive daily builds; however, we may ramp up releasing builds more frequently in the future. [B]The desktop watermark you see at the lower right corner of your desktop is normal for these pre-release builds.[/B] [HEADING=1][B]Important Insider Links[/B][/HEADING] [LIST] [*]You can [URL='https://aka.ms/wip-docs'][B]check out our Windows Insider Program documentation here[/B][/URL]. [*]Check out [URL='https://aka.ms/flighthub'][B]Flight Hub[/B][/URL] for a complete look at what build is in which Insider channel. [/LIST] Thanks, Amanda & Brandon Source: [URL="https://blogs.windows.com/windows-insider/2023/06/02/announcing-windows-11-insider-preview-build-25381/"]Announcing Windows 11 Insider Preview Build 25381[/URL] [/QUOTE]
Insert quotes…
Verification
Post reply
Top
