Microsoft’s open heart surgery on Windows 10 for TH2

Microsoft today announced the availability of the “Windows for Business” update to Windows 10, which (for geeks) was code-named “Threshold 2”.  The update includes a slew of new features and bug fixes.

Rather than focus on the visible changes, I wanted to know just how much Microsoft had changed the OS, given its new “Windows as a service” approach of aggressively patching the OS and delivering only cumulative patch updates. WaaS has put IT departments on notice that not patching is not acceptable – which has predictably riled some IT folk, but is nonetheless the right way to address the major contributor to breaches: 70% of breaches result from malware exploiting a vulnerability for which a patch has been available for over a year.

On to the data: TH2 delivers massive changes under the hood. A typical Windows 10 installation (with 3 language packs) numbers about 130,000 files. For build 10240 the total is 130,266, and for build 10565 (the TH2 preview released to the fast ring of testers about a week ago) that number changed to 131,404. Did they simply add 1,138 files? Far from it. Upgrading from 10240 to 10565, Microsoft modified 26,434 files, added 94,431 files and deleted 93,264.

Probably the vast number of deletions and additions is due to the way WinSxS works: files logically move between folders whose names include a Windows version number, but at the same time the binaries in them are indeed different. Without the SxS folder structure the delete/add totals would probably diminish, but the “files modified” count would correspondingly rise.

So, if you roughly tot up the files modified (~26k) plus the “swaps in and out” (~94k), giving ~120k, you’re not far off the full install (~130k). The registry is similarly transformed: on the upgrade the number of registry keys changed was 288,320.
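The counting described above, as an added example rather than Bromium’s own tooling: given a path-to-hash inventory of each build, it counts added, deleted and modified files once on raw paths and once with the version segment of WinSxS folder names collapsed, which is the effect the previous paragraph predicts (swaps move into the “modified” column). The inventories, folder names and hash values are constructed stand-ins, not real build data.

```python
import re

# Constructed sample inventories (relative path -> content hash). The hashes are
# stand-ins, not real digests. WinSxS component folders carry the build number.
BEFORE = {
    r"Windows\System32\ntdll.dll": "h1",
    r"Windows\System32\kernel32.dll": "h2",
    r"Windows\WinSxS\x86_foo_10.0.10240.16384_none\foo.dll": "h3",
    r"Windows\WinSxS\x86_bar_10.0.10240.16384_none\bar.dll": "h4",
    r"Windows\notepad.exe": "h5",
}
AFTER = {
    r"Windows\System32\ntdll.dll": "h1x",                       # modified in place
    r"Windows\System32\kernel32.dll": "h2",                     # untouched
    r"Windows\WinSxS\x86_foo_10.0.10565.0_none\foo.dll": "h3x", # new folder, new binary
    r"Windows\WinSxS\x86_bar_10.0.10565.0_none\bar.dll": "h4",  # new folder, same binary
    r"Windows\newtool.exe": "h6",                               # genuinely new file
}

# Matches the four-part build version embedded in a WinSxS folder name.
VERSION_RE = re.compile(r"_\d+\.\d+\.\d+\.\d+_")

def normalize_sxs(path):
    """Blank out the version segment so the same component in two builds
    maps to one logical path."""
    return VERSION_RE.sub("_<ver>_", path)

def diff_inventories(before, after, key=lambda p: p):
    """Count added/deleted/modified/unchanged files. `key` maps a path to a
    logical identity; a component can exist in several versions at once,
    so each identity is compared as a set of hashes."""
    def group(inv):
        out = {}
        for path, digest in inv.items():
            out.setdefault(key(path), set()).add(digest)
        return out
    b, a = group(before), group(after)
    both = set(a) & set(b)
    return {
        "added": len(set(a) - set(b)),
        "deleted": len(set(b) - set(a)),
        "modified": sum(1 for k in both if a[k] != b[k]),
        "unchanged": sum(1 for k in both if a[k] == b[k]),
    }

if __name__ == "__main__":
    print("raw paths:     ", diff_inventories(BEFORE, AFTER))
    print("SxS-normalized:", diff_inventories(BEFORE, AFTER, key=normalize_sxs))
```

On the raw paths the two WinSxS components count as two deletions and two additions; after normalization one becomes a modification and the other drops out as unchanged.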

In a nutshell: Threshold 2 essentially delivers a completely new OS, and the amazing thing is that you’ll probably not notice the changes, other than the new features. Of course this is a massive update in terms of download size, but no enterprises have rolled out Windows 10 yet, so the impact will hit consumers more. There might be a downside for ISVs that rely on areas of the registry that were modified, or that assumed the Windows folder was intended for anything other than Windows, but ultimately ISVs need to adjust their world-view too: gone are the days when you could dig deep inside the OS and hope that nothing would change.

Another positive: with an upgrade this big, just about everything is being changed. The OS is more secure, and any vulnerabilities that bad guys had thought about exploiting may well have been addressed or substantially changed, setting attackers back considerably.

(Sleuthing by Adrian Taylor & Tim Howes of @Bromium)
