Microsoft sometimes distributes important security updates through the Microsoft Store. That’s the lesson we’re learning in July 2020, when Microsoft sent an important update for Windows 10’s HEVC codecs not via Windows Update but via the Store.
Yes, Security Updates Can Come from the Store
This isn’t a huge surprise, as the codecs are installed via the Store in the first place—either by you or by your PC manufacturer. However, if you’ve disabled automatic app updates from the Microsoft Store, your Windows 10 PC will have the old, vulnerable codecs installed until you open the Store and install the update manually.
It’s easy to see how many Windows 10 PCs may never install this important security update.
How to Enable Automatic Store Updates on Windows 10
To prevent this sort of problem in the future, we recommend enabling automatic app updates from the Store. To do so, open the Microsoft Store app from your Start menu or taskbar. You can press the Windows key to open the Start menu, type “Store” to search for it, and press “Enter” to launch it.
In the Store, click the menu button at the top-right corner of the window. It looks like a “…”. Select “Settings.”
Ensure the “Update apps automatically” option at the top of the window is set to “On.” You’re done. You can now close the Store.
How to Limit the Automatic Updates
Want to stop Windows 10 from downloading unnecessary app updates in the background? Consider uninstalling apps you don’t use.
You can right-click many of Windows 10’s included apps in the Start menu and select “Uninstall” to remove them. If you don’t use Microsoft’s Mail app, feel free to remove it.
Windows won’t download updates for apps you don’t have installed. If you want to use the app in the future, you can re-install it from the Store.
If you don’t want to worry about updates for these codecs, you could also uninstall them and just use a third-party video player like VLC instead. You’d just have to update VLC or whatever video player you choose.
However, we don’t really know which apps included with Windows 10 will get security updates via the Store in the future.
At least nine books have become unavailable or marked as “under review”, according to the South China Morning Post newspaper. They include books authored or co-authored by Joshua Wong, a prominent pro-democracy activist, and pro-democracy politician Tanya Chan.
On Saturday, Mr Wong tweeted that the new law “imposes a mainland-style censorship regime” on Hong Kong, calling it “one step away from … actual book banning”.
Beijing has dismissed criticism of the law, saying it is necessary to stop the type of mass pro-democracy protests seen in Hong Kong during much of 2019, which at times exploded into very violent clashes between protesters and police.
It has rejected complaints by the UK and other Western nations that it is in breach of guarantees it made to protect Hong Kong’s unique freedoms as interference in its internal affairs.
Fear and uncertainty everywhere
By Danny Vincent, BBC News, Hong Kong
Hong Kong was promised certain political freedoms for 50 years after the handover. It was guaranteed rights such as freedom of speech, freedom of assembly and an independent judicial system.
To many Hong Kong residents, the national security law represents a premature end to those freedoms.
Supporters say the law will help to restore order after a year of protest. But critics say it is being used to criminalise opposition to Beijing.
The removal of political books from public libraries would have been unimaginable just a week ago. In today’s Hong Kong, business owners remove messages of support for the protest movement from their premises, fearful that they could be interpreted as attempts at inciting subversion.
So far, 10 people have been arrested for allegedly violating the new law. But fear and uncertainty are widespread. Protesters now call for demonstrators to hold up blank placards at marches. They fear that their words could lead to life imprisonment.
What is the security law?
The law is wide-ranging, and gives Beijing powers to shape life in Hong Kong that it has never had before. The law makes inciting hatred of China’s central government and Hong Kong’s regional government offences.
It also allows for closed-door trials, wire-tapping of suspects and the potential for suspects to be tried on the Chinese mainland.
Acts including damaging public transport facilities – which often happened during the 2019 protests – can be considered terrorism.
There are also concerns over online freedom as internet providers might have to hand over data if requested by police.
This new Windows 10 version comes with many new features, detailed in a previous ZDNet article, here, including the likes of a revamped Network Status page, the addition of GPU card temperatures to the Task Manager, and a new Cortana experience.
However, the Windows 10 2004 version also comes with improvements on the security front, which Microsoft claims will help keep Windows 10 users safe going forward.
Below is a list of all the new features, which we plan to update as we uncover new features in the coming days.
Windows Sandbox improvements
Last year, Microsoft introduced the Windows Sandbox on all Windows versions with the release of v1903. The Windows Sandbox component allows users to launch a virtual machine running a stripped down version of Windows 10. Since its launch, the Windows Sandbox has grown in popularity among the company’s userbase as it allows users to execute dangerous apps in an isolated environment, without damaging their primary Windows 10 installation.
While the Windows Sandbox component is not on par with other sandboxing software, work on it has not stopped once it shipped with a Windows 10 release. Today, Microsoft rolled out a series of new features, which will make the app easier to automate in enterprise testing environments.
Support for configuration files so you can configure some aspects of the sandbox, such a vGPU, networking, and shared folders.
The ability to configure audio input from the configuration file.
Activate the Ease of Access dialog with Shift+Alt+[print screen].
Enter and exit full screen mode with CTRL+Alt+[break].
Support for WiFi 6 and WPA3
Windows 10 v2004 now supports the latest versions of the WiFi wireless communications standard and WPA, the protocol used to authenticate WiFi connections.
Both protocols include protections against a series of attacks, such as DragonBlood, KRACK, and more, allowing Windows 10 users to connect to WiFi networks in a safer manner.
System Guard improvements
Microsoft says it also upgraded System Guard Secure Launch, a feature that checks if the device firmware has loaded in a secure manner, without being tampered.
In Windows 10, version 2004, Microsoft says the System Guard Secure Launch now measures more parameters than before. However, this feature will require modern hardware and may not work on all devices.
New security baselines
We also have new security baselines (drafts for now) for Windows 10 and Windows Server installations.
Security baselines are basic OS configurations that system administrators can deploy across their computer fleets and ensure that basic security features are enabled.
Windows Hello expanded
Windows Hello is a feature that lets users log into their Windows computer using biometrics (fingerprint scan, face scan) or passwordless methods (PIN code).
In Windows 10 v2004, once enabled, Windows Hello login options will also show up for computers booted up Safe Mode.
Furthermore, Windows Hello passwordless authentication methods can also be used as an alternative to passwords when users are logging into their Microsoft accounts.
More FIDO2 support
Windows 10 supports FIDO2 security keys as a form of passwordless authentication.
Starting with Windows 10 v2004, Microsoft says that FIDO2 security key support “has been expanded to include hybrid Azure Active Directory (Azure AD)-joined devices, enabling even more customers to take an important step in their journey towards passwordless environments.”
Microsoft says that devices that run on AMD’s new Ryzen Pro 4000 chipsets are now compatible with its new Secured-core technology. Secured-core is a feature of Windows 10 PCs that includes additional protections against attacks that tamper with a device’s hardware components, firmware, or CPU’s internal components.
Until today, the “Reset this PC” option only had one option — namely to do a local reinstall where it would build a new Windows installation from existing Windows files. Starting with Windows 10 2004, users can select the cloud recovery option, which will instruct Windows to download the files needed for a reinstall from Microsoft’s servers.
This option is recommended for users on fast internet connections only.