Microsoft announces new kernel security features for Windows 10

Spread the love

Microsoft has shared the first details of its new kernel data protection feature in Windows. It is a feature that blocks certain types of malware. Microsoft provides APIs to developers for this, which they can use to make certain parts of the kernel read-only.

According to Microsoft, kernel data protection is intended to prevent data corruption attacks. These attacks are used, for example, to increase system privileges, change the security policy of systems, or modify certain data structures. Kdp includes a set of APIs that allow developers to designate certain parts of kernel memory as read-only. This prevents attackers from changing this memory, which prevents, for example, the above attacks, ZDNet writes.

Microsoft distinguishes between ‘static kdp’ and ‘dynamic kdp’. The former allows software running in kernel mode to protect part of its own image from being manipulated by another program in the kernel environment. Dynamic kdp helps software running in kernel mode to allocate and release read-only memory from a ‘secure pool’. The memory that is freed up from this can only be initialized once, so it can no longer be modified.

This concept of protecting kernel memory has “valuable uses for the Windows kernel,” according to Microsoft, but it can also be used for third-party drivers. Think, for example, of anti-cheat or DRM software. In addition to the security improvements, kdp also has some other benefits, according to Microsoft. For example, there is a performance gain, because kdp reduces the workload for attestation components. These components no longer need to periodically verify data variables that are read-only by kdp.

The new feature works on the basis of virtualization-based security. Vbs can be started on computers that support virtualization extensions for Intel, AMD or ARM. The PC must also support second-level address translation. Hardware support for mode-based execution control is recommended as it reduces performance costs. Computers with the Secured-core label support all of these features by default.

Kdp has since been incorporated into the most recent Windows 10 Insider build. It is not yet clear when Microsoft will add the feature to the regular version of Windows 10.

You might also like