Alert essentials:

Recent articles indicated that Windows 11 could be installed on devices not meeting the required hardware recommendations.

This information is incorrect.

Do not upgrade the operating systems of older devices to Windows 11.

 


 

Detailed threat description:

Since October 1, 2024, administrators have been trying to determine what is happening with Windows 11, and the confusion continues.

For those who may not have been following reports over the last few weeks, articles circulated claiming that Microsoft approves installing Windows 11 on devices that do not meet the minimum requirements. These commentaries originated from the release of a Microsoft article intended to remind customers of the implications of installing Windows 11 on devices with capabilities less than recommended. However, the meaning behind the article was misconstrued, and a flurry of confusing articles was unleashed.

With Windows 11, Microsoft’s chief requirement is the availability of a Trusted Platform Module (TPM) 2.0 chip. A TPM is a security chip that can be embedded in a laptop or plugged into most desktop PCs.

When powered on, a PC or laptop that uses full disk encryption and a TPM receives a cryptographic key. The key unlocks the encrypted drive and validates device information such as credentials, passwords, certificates, encryption keys, and other sensitive information. If the key is validated on device start-up, the computer will boot as expected.

However, if the data stored in the TPM has been altered, the device will not boot up. Think of this as a verification that no part of the system has been tampered with. If a device was purchased in the last few years, it likely has a TPM that works with Windows 11.

Population Count (POPCNT) is a CPU instruction that counts the number of set bits (1s) in a binary value. SSE4.2 is a processor instruction set extension that adds instructions to increase performance when the same operations are performed on multiple data objects. Windows 11 24H2 only works on processors that come with POPCNT and SSE4.2; thus, no bypass method, app, or software can help those on older hardware.

Microsoft is not lowering Windows 11 system requirements for hardware. If Windows 11 is installed on a device that doesn’t meet the recommended system requirements, compatibility issues may occur, the system may malfunction, and updates will become even more challenging for patching teams.

Microsoft has updated the support article that initially caused the confusion. It reminds users that if they attempt to install or upgrade to Windows 11 on a PC that does not meet these requirements, the installer will refuse to continue, just as it always has. Microsoft has no plans to change this behavior.

Windows 11 24H2 System Requirements:

  • Processor: 1 GHz or faster with two or more cores, on a compatible 64-bit processor or system on a chip (SoC)
    • If using Copilot, a Snapdragon X series processor is recommended
  • Memory: 4 gigabytes (GB)
    • If using Copilot, a minimum of 16 GB is required
  • Storage: 64 GB
    • If using Copilot, a minimum of 256 GB is recommended
  • Graphics card: Compatible with DirectX 12 or later, with a WDDM 2.0 driver
  • System firmware: UEFI, Secure Boot capable
  • TPM: Trusted Platform Module (TPM) version 2.0 enabled in the BIOS
  • CPU: Must support SSE4.2 or SSE4A
  • NPU (Neural Processing Unit, an AI accelerator): 40+ TOPS
  • RAM: Minimum 4 GB
    • If using Copilot, 16 GB is recommended
  • Display: High definition (720p) display, 9″ or greater monitor, 8 bits per color channel
  • ARM: ARMv8.1
  • Internet connection: Internet connectivity is necessary to perform updates and to download and use some features
  • Windows 11 Home edition requires an internet connection and a Microsoft Account to complete device setup on first use
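
The following Python example is added here and is not from the original alert or from Microsoft. It checks an exported device inventory against the core hardware requirements listed above, using the POPCNT and SSE4.2 rule stated earlier for the CPU; the CSV column names, hostnames, and flag spellings are assumptions, and the sample rows are constructed.

```python
import csv
import io

# Constructed inventory export; the column names are assumptions for this example.
SAMPLE_INVENTORY = """\
hostname,cores,clock_ghz,arch_bits,ram_gb,storage_gb,firmware,secure_boot_capable,tpm_version,tpm_enabled,cpu_flags
NURSE-WS-014,4,2.4,64,8,256,UEFI,yes,2.0,yes,popcnt sse4_2 avx
LAB-PC-203,2,2.9,64,4,128,BIOS,no,1.2,yes,popcnt sse4_2
IMG-VIEW-07,2,2.6,64,4,64,UEFI,yes,2.0,no,popcnt sse4_2
OLD-KIOSK-02,2,2.0,64,4,64,UEFI,yes,,no,sse2 sse3
"""

def _num(value):
    """Parse a numeric cell; blank or malformed cells count as 0 (a failed check)."""
    try:
        return float(value)
    except (TypeError, ValueError):
        return 0.0

def _yes(value):
    return (value or "").strip().lower() in ("yes", "true", "1")

def failed_requirements(row):
    """Return the names of the 24H2 requirements this device does not meet."""
    flags = set((row.get("cpu_flags") or "").lower().split())
    checks = [
        ("two or more cores", _num(row.get("cores")) >= 2),
        ("1 GHz or faster", _num(row.get("clock_ghz")) >= 1.0),
        ("64-bit processor", _num(row.get("arch_bits")) == 64),
        ("4 GB memory", _num(row.get("ram_gb")) >= 4),
        ("64 GB storage", _num(row.get("storage_gb")) >= 64),
        ("UEFI firmware", (row.get("firmware") or "").strip().upper() == "UEFI"),
        ("Secure Boot capable", _yes(row.get("secure_boot_capable"))),
        ("TPM 2.0", (row.get("tpm_version") or "").strip() == "2.0"),
        ("TPM enabled", _yes(row.get("tpm_enabled"))),
        ("POPCNT", "popcnt" in flags),
        ("SSE4.2", "sse4_2" in flags),
    ]
    return [name for name, ok in checks if not ok]

def triage(inventory_csv):
    """Map each hostname to its list of unmet requirements (empty list = eligible)."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["hostname"]: failed_requirements(row) for row in rows}

if __name__ == "__main__":
    for host, failures in triage(SAMPLE_INVENTORY).items():
        print(host, "eligible" if not failures else "do not upgrade: " + ", ".join(failures))
```

Blank or malformed inventory cells are treated as failed checks, so a device with incomplete data is never reported as eligible.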

 

Impacts on healthcare organizations:

Upgrading the operating system on devices without the recommended hardware can cause performance degradation, compatibility problems, hardware failure, and increased costs.

To mitigate these impacts, organizations should carefully assess hardware compatibility before upgrading, consider virtualization solutions for legacy applications, and develop a comprehensive upgrade strategy that accounts for software and hardware requirements.

 

Affected Products / Versions:

KBs
KB5046617, KB5044284

 

Recommendations

Engineering recommendations:

  • Installing Windows 11 on a device that doesn’t meet Windows 11 minimum system requirements isn’t recommended
  • If Windows 11 is installed on ineligible hardware, your device won’t receive support from Microsoft, and you should be comfortable assuming the risk of running into compatibility issues
  • Additionally, these devices aren’t guaranteed to receive updates, including but not limited to security updates
  • Use compatibility tools: Utilize built-in OS compatibility tools or third-party software to check for potential issues
  • Rollback to Windows 10 is available for only 10 days after upgrading

Leadership/Program recommendations:

  • For legacy applications or hardware that may not be compatible, consider using virtual machines to run older systems alongside the new OS
  • Review and update the organization’s IT disaster recovery plans to better handle similar situations in the future

Fortified recommends applying patches and updates where possible and only after adequate testing in a development environment to ensure stability and compliance with organizational change management policies.

 
