San Francisco - Microsoft has introduced a new platform security technology to prevent data corruption techniques being adopted by cyber criminals to target system security policy and tamper with data structures on Windows 10 devices.
Called Kernel Data Protection (KDP), the technology prevents data corruption attacks by protecting parts of the Windows kernel and drivers through virtualization-based security (VBS).
According to the company, KDP is a set of APIs (application programming interfaces) that provide the ability to mark some kernel memory as read-only, preventing attackers from ever modifying protected memory.
"For example, we've seen attackers use signed but vulnerable drivers to attack policy data structures and install a malicious, unsigned driver. KDP mitigates such attacks by ensuring that policy data structures cannot be tampered with," the tech giant said in a statement this week.
The concept of protecting kernel memory as read-only has valuable applications for the Windows kernel, inbox components, security products, and even third-party drivers like anti-cheat and digital rights management (DRM) software.
KDP uses technologies that are supported by default on Secured-core PCs, which implement a specific set of device requirements that apply the security best practices of isolation and minimal trust to the technologies that underpin the Windows operating system.
"It enhances the security provided by the features that make up Secured-core PCs by adding another layer of protection for sensitive system configuration data," said Microsoft.
On top of the important security and tamper protection applications of this technology, other benefits include:
- Performance improvements – KDP lessens the burden on attestation components, which would no longer need to periodically verify data variables that have been write-protected
-
Reliability improvements – KDP makes it easier to diagnose memory corruption bugs that don’t necessarily represent security vulnerabilities
-
Providing an incentive for driver developers and vendors to improve compatibility with virtualization-based security, improving adoption of these technologies in the ecosystem