Windows 10 hardware security enabled by default on new Surface PC

[mood]

Windows 10 hardware security enabled by default on new Surface PC
 

 

Microsoft has unveiled today the new Surface Pro 7+ for enterprise and educational customers, an ultra-light 2-in-1 device that comes with Windows Enhanced Hardware Security features enabled by default.

 

The new Surface PC will help defend against escalation of privilege attacks which target sensitive info stored in a device's memory with the help of virtualization-based security (VBS) and Hypervisor-protected code integrity (HVCI) — also known as Memory Integrity.

 

The two hardware security features will be turned on by default on all Surface Pro 7+ devices to protect business customers' data.

 

VBS and HVCI use hardware virtualization capabilities to isolate a memory region from the main OS which blocks threat actors' privilege escalation attempts.

"The security subsystems running in the isolated environment provided by the hypervisor can help enforce HVCI protections, including preventing kernel memory pages from being both writeable and executable," Microsoft said.

 

Windows Enhanced Hardware Security features also boost defenses against malware (Trickbot) and human-operated ransomware attacks (RobbinHood) with 60% fewer malware reports being submitted on HVCI-protected systems.

Removable SSD and secure boot

The newly released Surface Pro 7+ for business also comes with Secure Boot which checks the devices' firmware for any signs of tampering.

 

Customers are also protected from attacks with the help of a security processor (TPM 2.0) which secures and encrypts data and the Windows Hello feature which enables passwordless sign-ins.

 

Surface Pro 7+ also features a removable SSD drive which enables enterprise and educational organizations to protect their data privacy.

"For the first time, Surface Pro 7+ ships with Windows Enhanced Hardware Security features enabled out of the box," Robin Seiler, Microsoft Corporate VP, said.

"We are excited to see such great boosts in both performance and battery while enabling robust Device Protection features."

 

Surface Pro 7+ for Business ships at the end of this week and it joins other recently shipped Surface devices such as Surface Book 3, Surface Laptop Go, and Surface Pro X which also come with HVCI and VBS toggled on out of the box.

 

Last year, Microsoft issued guidance on how to resolve problems with Windows 10 2004 upgrades being blocked and loading driver issues in Windows 10 caused by the Memory Integrity security feature.

 

 

Source: Windows 10 hardware security enabled by default on new Surface PC