News Posts matching #Security


Acer Unveils its First Eco-Friendly Wi-Fi 6E Mesh Router Made with PCR Materials

Acer today unveiled the Acer Connect Vero W6m mesh router, its first eco-friendly Wi-Fi 6E router that incorporates post-consumer recycled (PCR) materials in its chassis and features an Eco mode for efficient energy consumption. The router is powered by a quad-core 2 GHz processor and includes a bundle of enhanced connectivity, coverage, and security features, including Wi-Fi 6E Tri-Band AXE7800 capability.

"We are thrilled to expand Acer's portfolio of network devices with the launch of the Acer Connect Vero W6m Wi-Fi 6E mesh router, engineered with support for Wi-Fi 6E tri-band connectivity to provide swift and secure connections with vast network coverage within any home or office locations," said Wayne Ma, General Manager, IoB, Acer Inc. "The performance-driven router is also the latest addition to our growing Vero line of eco-conscious products, embodying Acer's commitment to fulfilling its environmental responsibility and helping minimize carbon footprint."

Dell and NVIDIA Introduce Project Helix, a Secure On-Premises Generative AI

Dell Technologies and NVIDIA announce a joint initiative to make it easier for businesses to build and use generative AI models on-premises to quickly and securely deliver better customer service, market intelligence, enterprise search and a range of other capabilities. Project Helix will deliver a series of full-stack solutions with technical expertise and pre-built tools based on Dell and NVIDIA infrastructure and software. It includes a complete blueprint to help enterprises use their proprietary data and more easily deploy generative AI responsibly and accurately.

"Project Helix gives enterprises purpose-built AI models to more quickly and securely gain value from the immense amounts of data underused today," said Jeff Clarke, vice chairman and co-chief operating officer, Dell Technologies. "With highly scalable and efficient infrastructure, enterprises can create a new wave of generative AI solutions that can reinvent their industries."

"We are at a historic moment, when incredible advances in generative AI are intersecting with enterprise demand to do more with less," said Jensen Huang, founder and CEO, NVIDIA. "With Dell Technologies, we've designed extremely scalable, highly efficient infrastructure that enables enterprises to transform their business by securely using their own data to build and operate generative AI applications."

Microsoft Will Force Windows 10 22H2 Upgrades Next Month

Microsoft is determined to get the entirety of its Windows 10 userbase onto the final version - 22H2 - by early summer. Older iterations, including 21H2 (issued in November of 2021), will not receive official support beyond June 13, 2023. The announcement crept out quietly last week, via the company's Learn Documentation center: "Home, Pro, Pro Education, and Pro for Workstations editions of Windows 10, version 21H2 will reach end of servicing. The upcoming June 2023 security update, to be released on June 13, 2023, will be the last update available for these versions. After this date, devices running these versions will no longer receive monthly security and preview updates containing protections from the latest security threats."

The reminder does not give specific details about rollout timings, but news outlets reckon that OS-focused enforcements will begin in early June: "To help keep you protected and productive, Windows Update will automatically initiate a feature update for Windows 10 consumer devices and non-managed business devices that are at, or within several months of, reaching end of servicing. This keeps your device supported and receiving monthly updates that are critical to security and ecosystem health. For these devices, you will be able to choose a convenient time for your device to restart and complete the update." Microsoft provides further advice and recommends that users update (manually) to version 22H2 at the earliest opportunity, or take the larger step of transferring to Windows 11. Last month TPU reported on a similar official advisory blog entry, where the author/product manager (in effect) proposed "that current Windows 10 users move to 11 as soon as possible, in order to enjoy a continued stream of feature updates."

Money Message Ransomware Group Uploads Stolen MSI Data to Dark Web

MSI suffered a massive data breach at the start of April and the Taiwanese electronics company promptly alerted its customers about the cyberattack on its "information systems." A few days later it emerged that a relatively young ransomware group "Money Message" was behind the hacking effort - these cybercriminals stated that they had infiltrated MSI's internal network. Gang members proceeded to acquire sensitive company files, database information and source code. At the time, Money Message demanded that MSI pay them a ransom of $4 million, with the added threat of stolen data getting leaked to the general public on the internet (in the event of MSI failing to pay up).

Money Message has this week claimed that MSI has refused to meet their demands - as a result, an upload of stolen data started on Thursday with files appearing on the group's own website, and spreading to the dark web soon after. Binarly, a cybersecurity firm, has since analyzed the leaked files and discovered the presence of many private code signing keys within the breached data dump. Alex Matrosov, Binarly's CEO, states via Twitter: "Recently, MSI USA announced a significant data breach. The data has now been made public, revealing a vast number of private keys that could affect numerous devices. FW Image Signing Keys: 57 products (and) Intel Boot Guard BPM/KM Keys: 166 products." Binarly has provided a list of affected MSI devices (gaming laptops & mobile workstations) on their GitHub page.

Apricorn Launches Aegis NVX Hardware-Encrypted USB Storage Device, Boasts Read/Write Speeds of 1 GB/s

Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives, today announced the release of the USB 10Gbs Aegis NVX. Employing proprietary architecture, the Aegis NVX is the first Apricorn encrypted device to feature an NVMe SSD inside. Initial capacity offerings will be 500 GB, 1 TB, and 2 TB, with a price range of $339.00 - $739.00 MSRP.

The NVX was conceived to address the immediate protection of raw data delivered directly from its source at high speeds, such as high-definition video cameras with the capability to write to an external SSD via USB C or HDMI. The NVX's high-speed read/write capabilities at 1,000 MB/s are sought after in the fields of military intelligence, digital forensics, filmmaking and healthcare where write speeds over 600 Mb/s are critical.

CISA Warns About Mirai Botnet Exploit on Some TP-Link Routers

Owners of TP-Link routers ought to heed a warning from the US government's Cybersecurity and Infrastructure Security Agency (CISA), as at least one router model from the company is vulnerable to known exploits. The vulnerability is actively targeted by Mirai botnet operators and allows command injection that could let them take over the routers via remote code execution (RCE). The router from TP-Link that is known to be vulnerable to the exploits is the Archer AX-21, a fairly recent entry level AX1800 Wi-Fi 6 model that is sold globally by the company.

The specific exploit for the Archer AX-21 is tracked as CVE-2023-1389 and affects all Archer AX-21 routers with a firmware version older than 1.1.4 2023019, which is said to address the vulnerabilities. Users who have linked their router to a TP-Link cloud account and allow for automatic updates should already have had their router firmware automatically updated, but everyone else should update their router firmware as soon as possible. There have already been reports of the exploit being actively used by the Mirai botnet to take over routers in Eastern Europe as of the middle of last month, and other parts of the world are no longer spared from attacks either. Routers might often be devices that are forgotten in a corner somewhere, but it's important to keep the firmware up to date, especially as they are increasingly becoming the target of hackers.

Apple and Google Join Forces on New Industry Standard Against Unwanted Bluetooth Tracking

Apple announced a joint partnership with Google in submitting a new industry specification to curtail unwanted tracking via Bluetooth location-tracking devices currently on the market. The new standard would provide tracker detection across both iOS and Android, regardless of the brand of the tracker being used. The proposal addresses the concerns surrounding the ease with which a person can be tracked by a sneaky location-tracker stuck to their person, possession, or vehicle by bad-faith actors using the technology to stalk individuals. Apple has previously released updates to their Find My service which will alert the victim if they are being tracked by an unknown AirTag, but this tech relies on the person having an iPhone. Third party detection apps exist on Android, but they're far from perfect and aren't currently officially supported by any of the parent companies making Bluetooth location trackers.

The proposal has received industry wide support from other manufacturers such as Samsung, Tile, Chipolo, eufy Security, and Pebblebee. Advocacy groups such as The National Network to End Domestic Violence and the Center for Democracy & Technology have also contributed to the specification draft. The draft has been submitted via the Internet Engineering Task Force (IETF) with a three month review and comment period open to interested parties that would like to weigh in on the proposed specification. After this period Apple and Google will work to address concerns and feedback before putting the specification into production by the end of 2023, unifying a tracking alerts system on all future versions of iOS and Android.

Bad Week for MacOS Security: Two New Malware Threats Identified

As market share of Apple's ARM based Mac computers has increased, so too have efforts to compromise them by previously uninterested hacker groups. A recent string of malware created specifically for macOS has shown that these groups are turning their gaze toward the generally well protected Mac ecosystem. One of these new malware threats, discovered by Jamf Threat Labs and dubbed 'RustBucket,' acts as a simple third-party PDF viewer. The application itself does nothing malicious until a specific PDF is opened which includes an encoded key that triggers a connection to be made between the attacker's server and the victim's Mac, and a small malicious payload to be downloaded. The initial payload begins running system recon commands to determine the machine information, and then downloads a third stage payload which gives the attackers further access to the underlying operating system. All stages after the user opens the PDF are run silently in the background. The PDF viewer used as the catalyst for this hack does require manually overriding Apple's Gatekeeper as it carries no signature, so the obvious step to mitigate this attack is to not use third-party apps or services aside from those curated on Apple's App Store.

The second macOS malware of the week was discovered by Cyble Research and Intelligence Labs (CRIL) being offered for a paltry $1,000 USD per month on a Telegram channel, with the malware going by the name "Atomic macOS Stealer" or "AMOS." This malware has capabilities to scrape keychain passwords, system information, files from the desktop and documents folders, the macOS user password, browser auto-fills, passwords, cookies, wallets, and stored credit card info. The malware is especially adapted to go after cryptowallets with Cyble citing examples such as Electrum, Binance, Exodus, Atomic, and Coinomi. Cyble notes that they've seen the malware receiving active development to improve its capabilities and the threat actors even offering management software and web panels for keeping track of victimized machines, all with a logging system that dumps to Telegram. The current attack vector is a simple Golang.dmg file which installs the malware, so this does appear to require direct machine access. However once installed, "AMOS" does its handiwork without detection and sends a compressed file off to the attacker's server with all the information it collected.

Global Law Enforcement Operation Shutters Genesis Market, a Leading Online Market Dealing in Criminality

Genesis Market, an online-fraud-facilitation website and marketplace, has today been closed by an international joint effort coordinated by various police forces. Law enforcement agencies around the world took part in synchronized raids, including at locations in the UK and USA. 208 searches have been carried out, beginning at dawn on Tuesday 4 April, and a total of 119 suspected individuals have been arrested. This operation was spearheaded by the FBI in the US and the Dutch National Police. Consequently, users of the genesis.market website have been greeted with a boastful message and infographic on the home and login pages: "Operation Cookie Monster. This website has been seized."

Sophos, a leading software and hardware security vendor, has previously identified genesis.market as "an invitation-only marketplace from which buyers can acquire stolen credentials, cookies, and digital fingerprints that are gathered from compromised systems." According to the company's research, the illegal marketplace was also identified as an Initial Access Broker (IAB) - a business that compromises systems and services, steals data, and sells it. Genesis Market has special engagement capabilities in the field of illegally acquiring "credentials, cookies, and digital fingerprints". This stolen data was often sold on under individual lots, but the site also offered a longer term supply of data packages via a subscription service. This would offer the customer an up-to-date information trail, be it the tracking of an individual person or a collective.

With Security Copilot, Microsoft brings the power of AI to cyberdefense

Microsoft Corp. on Tuesday announced it is bringing the next generation of AI to cybersecurity with the launch of Microsoft Security Copilot, giving defenders a much-needed tool to quickly detect and respond to threats and better understand the threat landscape overall. Security Copilot will combine Microsoft's vast threat intelligence footprint with industry-leading expertise to augment the work of security professionals through an easy-to-use AI assistant.

"Today the odds remain stacked against cybersecurity professionals. Too often, they fight an asymmetric battle against relentless and sophisticated attackers," said Vasu Jakkal, corporate vice president, Microsoft Security. "With Security Copilot, we are shifting the balance of power into our favor. Security Copilot is the first and only generative AI security product enabling defenders to move at the speed and scale of AI."

Fortinet Unveils New ASIC to Accelerate the Convergence of Networking and Security Across Every Network Edge

Fortinet, the global cybersecurity leader driving the convergence of networking and security, today announced FortiSP5, the latest breakthrough in ASIC technology from Fortinet, propelling major leaps forward in securing distributed network edges. Building on over 20 years of ASIC investment and innovation from Fortinet, FortiSP5 delivers significant secure computing power advantages over traditional CPU and network ASICs, lower cost and power consumption, the ability to enable new secure infrastructure across branch, campus, 5G, edge compute, operational technologies, and more.

"With the introduction of FortiSP5, Fortinet once again sets new industry records for performance, cost, and energy efficiency. As the only cybersecurity vendor leveraging purpose-built ASICs, an over 20-year investment in innovation, Fortinet delivers the secure computing power that will support the next generation of secure infrastructure." Ken Xie, Founder, Chairman of the Board, and Chief Executive Officer at Fortinet

Microsoft Extends ESU Support for Windows Server 2008 and 2008 R2 on Azure

Microsoft's Windows Server 2008 and 2008 R2 customers still represent a large group, as Microsoft has announced an additional year of Extended Security Updates (ESU) with a caveat. Only available for Microsoft Azure customers, the ESU program will allow Windows Server 2008 and R2 users on Azure cloud to get security updates until January 9, 2024. By no means is this a free program, and Microsoft will bill this extensively as it is available internationally. Many customers are forced to join the ESU program for their Windows Server 2008 and R2 systems, as upgrading the OS to the latest version is not always possible without significant downtime or a hardware update.

The following customer base has eligibility for the fourth year of the ESU program:
  • Windows Server 2008 R2 Service Pack 1 (SP1)
  • Windows Server 2008 Service Pack 2 (SP2)
  • Windows Embedded POSReady 7
  • Windows Embedded Standard 7
  • All Azure virtual machines (VMs) running Windows Server 2008 R2 and Windows Server 2008 operating systems on Azure, Azure Stack, Azure VMWare Solutions, or Azure Nutanix Solution.

Intel Accelerates Developer Innovation with Open, Software-First Approach

On Day 2 of Intel Innovation, Intel illustrated how its efforts and investments to foster an open ecosystem catalyze community innovation, from silicon to systems to apps and across all levels of the software stack. Through an expanding array of platforms, tools and solutions, Intel is focused on helping developers become more productive and more capable of realizing their potential for positive social good. The company introduced new tools to support developers in artificial intelligence, security and quantum computing, and announced the first customers of its new Project Amber attestation service.

"We are making good on our software-first strategy by empowering an open ecosystem that will enable us to collectively and continuously innovate," said Intel Chief Technology Officer Greg Lavender. "We are committed members of the developer community and our breadth and depth of hardware and software assets facilitate the scaling of opportunities for all through co-innovation and collaboration."

p-Chip Corporation Introduces First-of-its-Kind p-Chip Code Tracker to Revolutionize QR Code Security

p-Chip Corporation, a company that is revolutionizing the tracking of physical products and materials with its cutting-edge microtransponder technology, today introduced its newest breakthrough, the p-Chip Code secure tracking tag. The p-Chip Code tracker combines a silicon-based p-Chip microtransponder with a standard 2D matrix code to create hyper-secure QR codes, bar codes and other matrix codes.

"The pandemic brought widespread QR code use into the center of the consumer mainstream," said Joe Wagner, CEO of p-Chip Corporation. "But for many businesses, including food brands, pharmaceutical companies, automobile manufacturers and others, QR codes pose a host of potential security risks, since they are incredibly easy to create and replicate. The new p-Chip Code technology provides an additional layer of security for QR codes or other matrix codes, delivering a breakthrough in reliable traceability at an affordable price."

Marvell Launches LiquidSecurity 2 Module to Empower Best-in-Class HSM-as-a-Service for the Multi-Cloud Era

Marvell today unveiled its LiquidSecurity 2 (LS2) hardware security module (HSM) adapter, the industry's most advanced solution for enabling encryption, key management, authentication and other HSM services in the cloud. LS2 is a converged security platform for payment, privacy compliance, and general purpose applications, and is powered by a cloud-optimized Marvell OCTEON data processing unit (DPU), proven at scale across the world's largest hyperscale clouds. The new Marvell HSM adapter offers the industry's highest performing cryptographic acceleration and processing, including hardware-secured storage of up to one million keys for AES, RSA and ECC encryption algorithms, and 45 partitions for robust multi-tenant use cases.

As enterprises migrate from on-premises to private- or multi-cloud environments, the industry-leading Marvell LiquidSecurity platform empowers cloud service providers and large enterprises to create HSM-as-a-service clouds. Marvell's HSM adapters have the latest FIPS-certified security boundary, designed for the most demanding applications deployed at cloud-scale while offering best-in-class cost, performance and energy efficiency for both public and private clouds.

MSI Introduces Private Cloud Center File Sharing Software

MSI, a world leader in high-performance and innovative computing solutions, announced its brand new software application - MSI Cloud Center. It is designed to be a fast and convenient way to securely back up & download files between your PC, Android, and iOS mobile devices. It provides you a private cloud to help back up your photos, videos, and any files on your smartphone to the selected MSI All-in-One PC or desktop. The MSI Cloud Center is designed with efficiency and productivity in mind.

Have you ever received a message which shows that your cloud storage space is nearly full? You will have to either clean your cloud storage or pay for more storage. With the MSI Cloud Center, you don't have to pay an extra fee to enjoy its convenient design on your MSI All-in-One PC or the selected desktop. The MSI Cloud Center allows users to back up and download photos, videos, and any other files between the Android or iOS devices and the selected MSI All-in-One PC or desktop.

ÆPIC Leak is an Architectural CPU Bug Affecting 10th, 11th, and 12th Gen Intel Core Processors

The x86 CPU family has been vulnerable to many attacks in recent years. With the arrival of Spectre and Meltdown, we have seen side-channel attacks overtake both AMD and Intel designs. However, today we find out that researchers are capable of exploiting Intel's latest 10th, 11th, and 12th generation Core processors with a new CPU bug called ÆPIC Leak. Named after the Advanced Programmable Interrupt Controller (APIC) that handles interrupt requests to regulate multiprocessing, the leak is claimed to be the first "CPU bug able to architecturally disclose sensitive data." Researchers Pietro Borrello (Sapienza University of Rome), Andreas Kogler (Graz Institute of Technology), Martin Schwarzl (Graz), Moritz Lipp (Amazon Web Services), Daniel Gruss (Graz University of Technology), and Michael Schwarz (CISPA Helmholtz Center for Information Security) discovered this flaw in Intel processors.
ÆPIC Leak is the first CPU bug able to architecturally disclose sensitive data. It leverages a vulnerability in recent Intel CPUs to leak secrets from the processor itself: on most 10th, 11th and 12th generation Intel CPUs the APIC MMIO undefined range incorrectly returns stale data from the cache hierarchy. In contrast to transient execution attacks like Meltdown and Spectre, ÆPIC Leak is an architectural bug: the sensitive data gets directly disclosed without relying on any (noisy) side channel. ÆPIC Leak is like an uninitialized memory read in the CPU itself.

A privileged attacker (Administrator or root) is required to access APIC MMIO. Thus, most systems are safe from ÆPIC Leak. However, systems relying on SGX to protect data from privileged attackers would be at risk and thus have to be patched.

Network Security Simplified: EnGenius Releases First Security Gateway

EnGenius Technologies, a leading global manufacturer of networking and voice communications for more than 20 years, has released its first ever security gateway product line—that crucial first line of defense for business networks—bringing unparalleled simplicity, faster speed, enterprise features, enhanced security, and greater cloud management from anywhere. The EnGenius security gateway (ESG) series will consist of three sequential gateway models, beginning with the launch of the ESG510. The ESG series will work seamlessly with any third-party vendor network—all without the complex setup and configuration that plague other gateways.

"We are pleased to announce the launch of our company's very first cloud-managed security gateway. Most security gateways are complicated, but the EnGenius security gateway isn't. Our goal is to make installations easier and insights clearer," said M. C. Leo, general manager at EnGenius Technologies. "The gateway offers the horsepower and feature set to handle any business network of any size. The bottom line is an end-to-end cloud-managed solution that makes installation, configuration, and monitoring a snap."

Apple M1 Chips Affected by Unpatchable "PACMAN" Exploit

Apple M1 chips are a part of the Apple Silicon family that represents a new transition to Arm-based cores with new power and performance targets for Apple devices. Part of building a processor is designing its security enclave, and today we have evidence that M1 processors have a new vulnerability. PACMAN is a hardware attack that can bypass Pointer Authentication (PAC) on M1 processors. Security researchers took the existing concept of Spectre and its application in the x86 realm and have now applied it to the Arm-based Apple silicon. PACMAN exploits a current software bug to perform pointer authentication bypass, which may lead to arbitrary code execution.

The vulnerability is a hardware/software co-design issue that exploits microarchitectural construction to execute arbitrary code. PACMAN creates a PAC Oracle to check if a specific pointer matches its authentication. It must never crash if an incorrect guess is supplied, and the attack brute-forces all the possible PAC values using the PAC Oracle. To suppress crashes, PAC Oracles are delivered speculatively. And to learn if the PAC value was correct, researchers used a microarchitectural (uArch) side channel. Translation lookaside buffers (TLBs) reside in the CPU, where PACMAN tries to load the pointer speculatively and verify success using the prime+probe technique. TLBs are filled with minimal addresses required to supply a particular TLB section. If any address is evicted from the TLB, it is likely a load success, and the bug can take over with a falsely authenticated memory address.

Intel Demonstrates Commitment to Security at RSA Conference 2022

At RSA Conference this week in San Francisco, Intel reinforced its commitment to security. At the event, leaders from Intel and its ecosystem partners came together to discuss how the company is addressing some of the toughest security challenges, including hybrid workforces and an increase in connected devices. Intel's approach remains steadfast, investing in unparalleled people, processes and products to deliver security without sacrificing performance.

As the cyber and network security landscapes continue to grow and evolve, Intel's goal is to stay one step ahead by driving innovation across products and research to help build strong security communities both internally and externally. Intel's 2021 Product Security Report noted that 93% of vulnerabilities addressed in Intel products were a direct result of Intel's proactive investment in security assurance. Security begins with Intel, and every component in the system—from software to silicon and network to edge—plays its part to help secure data.

Kingston Launches IronKey Vault Privacy 50 with FIPS 197 Certification and XTS-AES 256-bit Encryption

Kingston Digital, Inc., the Flash memory affiliate of Kingston Technology Company, Inc., a world leader in memory products and technology solutions, today announced the release of its latest encrypted USB drive, IronKey Vault Privacy 50 (VP50) with FIPS 197 certification and AES 256-bit hardware-encryption in XTS mode for data security. Kingston IronKey Vault Privacy 50 supports Admin, User, and One-Time Recovery passwords with Complex or Passphrase modes. This multi-password option enhances the ability to recover access to data on the drive should one of the passwords be forgotten. While traditional Complex mode allows for passwords from 6-16 characters using 3 out of 4 character sets, the new passphrase mode gives users the ability to have a numeric PIN, sentence, list of words, or even lyrics from 10 to 64 characters long that's unique, yet memorable to them. To aid in password entry, the "eye" symbol can be enabled to reveal the typed-in password to reduce failed login attempts.

Admin can also enable a User and a One-Time Recovery password or reset the User password to restore data access. In addition, VP50 protects against Brute Force attacks by locking out User or One-Time Recovery passwords upon 10 invalid entries in a row and crypto-erases the drive if the Admin password is entered incorrectly 10 times in a row. So, while data is lost, there's no fear of a breach.

AMD Expands Confidential Computing Presence on Google Cloud

AMD today announced new Confidential virtual machines (VMs) on the existing N2D and C2D VMs on Google Cloud, all powered by AMD EPYC processors. These VMs extend the AMD EPYC processor portfolio of Confidential Computing on Google Cloud with the performance of 3rd Gen EPYC processors in compute-optimized VMs.

A key Confidential Computing component provided by AMD EPYC processors is AMD Secure Encrypted Virtualization (SEV), part of AMD Infinity Guard. This advanced hardware-based security feature encrypts full system memory and individual virtual machine memory as well as isolating the VM memory from the hypervisor, without dramatically impacting performance. With the expansion of Confidential Computing in N2D and C2D VMs, Google Cloud customers now have access to advanced hardware enabled security features powered by 3rd Gen AMD EPYC processors that will help protect sensitive, wide-variety workloads.

Apple, Google and Microsoft commit to expanded support for FIDO standard to accelerate availability of passwordless sign-ins

In a joint effort to make the web more secure and usable for all, Apple, Google and Microsoft today announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. The new capability will allow websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms. Password-only authentication is one of the biggest security problems on the web, and managing so many passwords is cumbersome for consumers, which often leads consumers to reuse the same ones across services. This practice can lead to costly account takeovers, data breaches, and even stolen identities. While password managers and legacy forms of two-factor authentication offer incremental improvements, there has been industry-wide collaboration to create sign-in technology that is more convenient and more secure.

The expanded standards-based capabilities will give websites and apps the ability to offer an end-to-end passwordless option. Users will sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN. This new approach protects against phishing and sign-in will be radically more secure when compared to passwords and legacy multi-factor technologies such as one-time passcodes sent over SMS.

CISA Advises Owners of Certain D-Link Routers to Urgently Retire Them

The US Cybersecurity and Infrastructure Security Agency, or CISA, is advising consumers and businesses to retire a whole range of D-Link routers, due to the devices being EOL. The reason is a severe vulnerability affecting the devices, tracked as CVE-2021-45382. This is a remote command execution (RCE) vulnerability that is not likely to get patched by D-Link and is considered serious enough that these devices should be taken offline post-haste. The vulnerability would allow an attacker to take over these devices using "diagnostic hooks" in the ncc2 service, which is tied to the DDNS function and would allow an attacker to gain full access by injecting malicious code.

Proof of concept code already exists on GitHub, which makes it even more likely that this attack vector will be used. The known affected devices so far are the D-Link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L and all hardware revisions are affected. Most of these routers were released around 2012 to 2014 and are either 802.11n or 802.11ac devices based on what appears to be Realtek or Ralink (now MediaTek) hardware. These aren't the only devices that CISA has given advice on recently, as the D-Link DIR-610 and DIR-645, as well as the Netgear DGN2200 are also devices that CISA recommends retirement for.

Microsoft Readies Security Feature-Update for Windows 11 Needing an OS Reinstall to Use

Microsoft is giving final touches to what it refers to as a groundbreaking new security feature update for the Windows 11 operating system, which should significantly improve application-level security, and safeguard you from malicious apps based on the way they behave. Trouble is, to use the feature, you will have to reinstall your operating system (i.e. a clean reinstall), if you're on the current release of Windows 11, or any build that's older than the one that carries this update.

The Smart App Control feature by default blocks untrusted or uncertified applications from running on your PC, and unlike browser-level protections such as Smart Screen, is baked directly into the OS, and monitors application code at a process level, to detect potentially malicious application behavior. It does this using a combination of code-signing by the application publisher and an AI model for trust within the Microsoft cloud. The OS keeps in touch with the cloud 24x7 (whenever the PC is up), to receive the latest threat intelligence and AI model updates from the cloud. It's very likely that Smart App Control will be part of the next significant version milestone of Windows 11 (such as "22H2"), which means everyone on 22H1 or older will be made to reinstall to use it.