Microsoft has revealed a significant step forward in helping secure both past future builds of its Windows 10 software.
The company has revealed its new Kernel Data Protection (KDP) feature, which is able to block attackers and malicious software from gaining access to, and corrupting, data within the operating system’s memory.
Microsoft hopes that the new service can lessen the attack vectors within Windows 10, which has often proved a popular target for hackers and cybercriminals.
Windows 10 security
Microsoft says the launch of KDP was motivated by a recent shift away from memory corruption attacks towards those targeting data corruption. Data corruption attacks can target system security policy, allow escalated privileges, and let attackers tamper with security detection levels – putting millions of devices at risk.
This includes recent threats where attackers use signed but vulnerable drivers to attack policy data structures and install a malicious, unsigned driver.
KDP will look to offer extra security by granting developers access to programmatic APIs, allowing them to designate parts of the Windows kernel as read-only sections, meaning they cannot be tampered with.
“The concept of protecting kernel memory as read-only has valuable applications for the Windows kernel, inbox components, security products, and even third-party drivers like anti-cheat and digital rights management (DRM) software,” the Microsoft Base Kernel Team wrote in a blog post.
“KDP mitigates such attacks by ensuring that policy data structures cannot be tampered with.”
Microsoft also says that KDP can help bring performance improvements, freeing up attestation components from constant checking and verifying of write-protected data variables, as well as boosting reliability, as the service makes it easier to diagnose memory corruption bugs that don’t necessarily represent security vulnerabilities.
Such technology should also incentivise driver developers and vendors to improve compatibility with virtualization-based security, improving adoption of these technologies and hopefully leading to security boosts across the industry ecosystem as a whole.
KDP technology is available to access now, with any computer that supports Intel, AMD or ARM virtualization extensions able to benefit. If you have a secured-core PC, such features are also already on offer, and enabled by default.
social experiment by Livio Acerbo #greengroundit #techradar https://www.techradar.com/news/microsoft-may-have-made-a-huge-jump-in-improving-windows-10-security