Microsoft «kills a feature that protected «older» versions of Windows 11 — and no one knows why

Microsoft is planning to remove a security feature in older versions of Windows 11 — all versions before 24H2. Support for VBS enclaves (virtualization-based security enclaves) will be discontinued in Windows 11 23H2 and 22H2. The same applies to server versions: Windows Server 2022, 2019, and 2016. This effectively means that older versions of Windows 11 and Windows Server will become less secure.

Microsoft’s statement reads:

VBS enclaves appeared in July last year, along with clarification of the system requirements for this feature. This technology is based on VBS — Virtualization-based Security.

VBS is one of the key security features of Windows 11 that Microsoft has repeatedly promoted. It is not known why the company decided to abandon one of its components in relatively new versions of the OS —, no official reason was given.

However, it’s worth noting that Microsoft often abandons old standards to improve security or introduce newer, more efficient technologies. For example, the company has recently updated the data collection mechanisms in the Edge browser and is gradually phasing out support for ActiveX in office applications.

What are VBS enclaves for? They improve the security of memory operations in applications by creating virtual trust levels (VTLs) within a trusted execution environment (TEE — Trusted Execution Environment).

However, even this technology is not perfect: in January, Microsoft had to fix a privilege escalation vulnerability in VBS enclaves (CVE-2025-21370). By the way, in the area of memory protection, the company also began integrating the Rust language into the Windows kernel in 2024 — starting with Windows 11 version 23H2.

A list of features that are no longer supported can be found at the official Microsoft website.

.

Source: neowin