“Windows 11’s Security Push Puts Microsoft on a Collision Course: The minimum hardware requirements for Microsoft’s next operating system will leave plenty of PCs stranded.”
WIRED, July 1, 2021
Security
By Lily Hay Newman
“An attempt to boost the security of Windows devices may leave millions of them more vulnerable in the long run.”
When Microsoft debuted Windows 11 at the end of last week, the company heralded the usual advancements in efficiency and design that come with any new operating system. But Windows 11 also comes with a less welcome tick: stricter-than-usual hardware requirements for which PCs can actually run it. Because of what Microsoft has described as security concerns, many devices—even some currently for sale—won’t ever be able to upgrade, leaving a generation of PCs stranded on Windows 10.
To run Windows 11, devices must have an Intel Core processor from at least 2017, or AMD Zen 2 processors from 2019 onward. They’ll also need at least 4 GB of RAM and 64 GB of hard drive storage. Microsoft’s own $3,500 Surface Studio 2 desktop, which you can buy new from the company right now, doesn’t make the cut under these requirements. Microsoft is still exploring the possibility that slightly older chips will make the cut, but either way, you’ll need a pretty recent device to upgrade your operating system.
“Microsoft has a clear vision for how to help protect our customers now and in the future and we know our approach works,” David Weston, Microsoft director of enterprise and operating system security, wrote on Friday. “We are announcing Windows 11 to raise security baselines with new hardware security requirements built-in.”
That baseline appears to hinge on a Trusted Platform Module, or TPM 2.0 chip, a component Microsoft has required in all new Windows devices since 2016. But not all devices that contain a TPM 2.0 chip actually have it enabled, and the process of activating it is technical and involved when it‘s doable at all. Microsoft or individual PC manufacturers would likely need to offer free, in-person assistance to make it feasible for most customers, both individuals and businesses, to enable latent TPM and other features like SecureBoot. Plus, some current device models that you can purchase today still don’t include TPM 2.0s, simply because they’ve been manufactured since before the requirement went into place.
By tying Windows 11 availability to that specific hardware feature, Microsoft may leave scores of devices even more vulnerable in the long run. Those who can’t update to Windows 11 will still have Windows 10, but not forever. Microsoft plans to end support for its 2015 operating system—currently installed on 79 percent of Windows devices worldwide, according to analytics site StatCounter—on October 14, 2025. That will mean no more security patches for the large population of devices that can’t transition onto Windows 11.
About the Author:
Lily Hay Newman is a senior writer at WIRED focused on information security, digital privacy, and hacking. She previously worked as a technology reporter at Slate magazine and was the staff writer for Future Tense, a publication and project of Slate, the New America Foundation, and Arizona State University. Additionally her work has appeared in Gizmodo, Fast Company, IEEE Spectrum, and Popular Mechanics. She lives in New York City.
