Jump to content
Login new information ×
Login new information

Microsoft’s new Kernel Data Protection technology for Windows 10 will make kernel memory read-only

Karlston

By Karlston
in Security & Privacy News

Recommended Posts

Karlston

Karlston

Posted
Posted

Microsoft’s new Kernel Data Protection technology for Windows 10 will make kernel memory read-only

kernel.png

 

In the constant battle with hackers, Microsoft has just played another card, by introducing a new Kernel Data Protection technology which will make it harder for attackers to use data corruption techniques to bypass security and escalate privileges.

 

Kernel Data Protection (KDP) makes sections of kernel memory read-only and prevents data corruption attacks by protecting parts of the Windows kernel and drivers through virtualization-based security (VBS).

 

The technology would mitigate a new form of attack seen recently where hackers exploit signed but vulnerable drivers to install malicious, unsigned drivers which then tamper with memory. With read-only protection even signed drivers would not be able to change important memory structures and settings.

 

Microsoft said the technology was needed to head off attackers, as hackers are increasingly frustrated by Code Integrity (CI) and Control Flow Guard (CFG) security technologies and look for other exploit routes.

 

Microsoft says the technology has other benefits also including:

  • Performance improvements — KDP lessens the burden on attestation components, which would no longer need to periodically verify data variables that have been write-protected
  • Reliability improvements — KDP makes it easier to diagnose memory corruption bugs that don’t necessarily represent security vulnerabilities
  • Providing an incentive for driver developers and vendors to improve compatibility with virtualization-based security, improving adoption of these technologies in the ecosystem

Not all Windows systems will be able to implement KDP, as the platform needs to support virtualization-based security (VBS). The technology is already available in the latest Insider builds of Windows 10.

 

Read all the detail at Microsoft here.

 

via Betanews

 

 

Microsoft’s new Kernel Data Protection technology for Windows 10 will make kernel memory read-only

 

ThanksForReading200x49.jpg

Link to comment
Share on other sites
  • Views 652
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...