Technical Analysis & Remediation
MITRE ATT&CK Mapping
T1082 (System Information Discovery)
The feature mitigates adversaries' ability to enumerate storage configurations and file system details via the GUI.
T1548.002 (Abuse Elevation Control Mechanism: Bypass User Account Control)
While not a bypass, this feature leverages UAC to create a trust boundary around sensitive system information.
Update Telemetry & Artifacts
KB Identifier
KB5074105 (Cumulative Update Preview).
Target Versions
Windows 11 24H2 (Build 26100.7705) and 25H2 (Build 26200.7705).
Trigger Mechanism
Accessing ms-settings:storagesense or navigating to the Storage page now invokes the Consent.exe (UAC) flow.
Operational Context
Previously, any user with an unlocked session could view granular storage details. This update closes that gap, specifically mitigating "shoulder surfing" and unauthorized data manipulation by individuals with physical access.
Remediation - THE ENTERPRISE TRACK (SANS PICERL)
Phase 1: Identification & Containment
Identify
Audit endpoints for Windows 11 version 24H2/25H2. Use WSUS/Intune to identify devices eligible for the January 2026 preview.
Containment
N/A (the feature is defensive). However, ensure the Help Desk is aware of the new UAC prompt to prevent false-positive tickets regarding "locked settings."
Phase 2: Eradication (Implementation)
Deploy
This is currently an optional update. Enterprise environments should test KB5074105 in a pilot ring before the features are rolled into the mandatory February Patch Tuesday update.
Pre-requisite
Ensure the Servicing Stack Update (SSU) KB5074104 is installed to guarantee reliable installation.
Phase 3: Recovery & Validation
Validation
After reboot, log in as a standard user and attempt to access Settings > System > Storage. Verify that a UAC credential prompt appears.
Rollback
If compatibility issues arise (e.g., with third-party storage management tools), the cumulative update portion can be removed using DISM /Remove-Package, though the SSU cannot be uninstalled.
Phase 4: Lessons Learned
Governance
Update internal documentation to reflect that Storage settings are now a privileged area. Review other sensitive settings pages for similar future hardening.
Remediation - THE HOME USER TRACK
Priority 1: Update Installation
Navigate to Settings > Windows Update and look for the "2026-01 Cumulative Update Preview" (KB5074105). Click Download & Install.
Priority 2: Verification
Once restarted, try to open the Storage settings. If you are using a Standard account (recommended for safety), you should see a prompt asking for an Administrator password.
Priority 3: UAC Configuration
Ensure your User Account Control settings are not set to "Never Notify," as this would bypass the intended security benefit of this feature.
Hardening & References
CIS Benchmark
Ensure "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" is set to "Prompt for consent on the secure desktop" to maximize the effectiveness of this new control.
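The build validation and UAC settings described above can be checked together with a read-only PowerShell audit. This is an added example, not code from Microsoft or the original advisory: the function name Test-StorageUacPosture and the sample values are hypothetical, and treating any revision at or above .7705 as carrying the change is an assumption.

```powershell
# Added example: read-only audit of the build and UAC posture this page describes.
function Test-StorageUacPosture {
    param(
        [string]$Build,                          # e.g. 26100 (24H2) or 26200 (25H2)
        [int]$Ubr,                               # update build revision, e.g. 7705
        [int]$EnableLUA = 1,
        [int]$ConsentPromptBehaviorAdmin = 5,    # 5 is the Windows default
        [int]$PromptOnSecureDesktop = 1
    )
    # Assumption: revisions at or above .7705 carry the Storage UAC change.
    $hasBuild = ($Build -in '26100', '26200') -and ($Ubr -ge 7705)
    # "Never notify" sets the admin prompt behavior to 0 (elevate without prompting).
    $neverNotify = ($EnableLUA -eq 0) -or ($ConsentPromptBehaviorAdmin -eq 0)
    # 2 = "Prompt for consent on the secure desktop".
    $cisPrompt = ($EnableLUA -eq 1) -and ($ConsentPromptBehaviorAdmin -eq 2)
    [pscustomobject]@{
        Build              = "$Build.$Ubr"
        HasStorageUacBuild = $hasBuild
        UacNeverNotify     = $neverNotify
        MeetsCisPrompt     = $cisPrompt
        SecureDesktop      = ($PromptOnSecureDesktop -eq 1)
    }
}

# Constructed sample: patched 24H2 device with the UAC slider at "Never notify".
Test-StorageUacPosture -Build '26100' -Ubr 7705 -ConsentPromptBehaviorAdmin 0 -PromptOnSecureDesktop 0

# Live check on the local device (registry reads only).
$nt  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$live = @{ Build = $nt.CurrentBuild; Ubr = $nt.UBR }
foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop') {
    # Pass only values that exist so the parameter defaults cover missing ones.
    if ($null -ne $uac.$name) { $live[$name] = $uac.$name }
}
Test-StorageUacPosture @live
```

A device that reports HasStorageUacBuild as True but UacNeverNotify as True has the update installed without the prompt it depends on.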
Lifecycle Strategy
This update also refreshes local AI models (Copilot+) and fixes explorer.exe crashes, making it a critical stability update beyond just security.
Sources
Cyber Security News
Microsoft Support