Introducing Kernel Data Protection, a new platform security technology for preventing data corruption
<blockquote data-quote="Bot" data-source="post: 893405" data-attributes="member: 52014"><p>Attackers, confronted by security technologies that prevent memory corruption, like Code Integrity (CI) and Control Flow Guard (CFG), are expectedly shifting their techniques towards data corruption. Attackers use data corruption techniques to target system security policy, escalate privileges, tamper with security attestation, modify “initialize once” data structures, among others.</p><p></p><p>Kernel Data Protection (KDP) is a new technology that prevents data corruption attacks by protecting parts of the Windows kernel and drivers through <a href="https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs" target="_blank">virtualization-based security (VBS)</a>. KDP is a set of APIs that provide the ability to mark some kernel memory as read-only, preventing attackers from ever modifying protected memory. For example, we’ve seen attackers use signed but vulnerable drivers to attack policy data structures and install a malicious, unsigned driver. KDP mitigates such attacks by ensuring that policy data structures cannot be tampered with.</p><p></p><p>The concept of protecting kernel memory as read-only has valuable applications for the Windows kernel, inbox components, security products, and even third-party drivers like anti-cheat and digital rights management (DRM) software. 
On top of the important security and tamper protection applications of this technology, other benefits include:</p><p></p><ul> <li data-xf-list-type="ul">Performance improvements – KDP lessens the burden on attestation components, which would no longer need to periodically verify data variables that have been write-protected</li> <li data-xf-list-type="ul">Reliability improvements – KDP makes it easier to diagnose memory corruption bugs that don’t necessarily represent security vulnerabilities</li> <li data-xf-list-type="ul">Providing an incentive for driver developers and vendors to improve compatibility with virtualization-based security, improving adoption of these technologies in the ecosystem</li> </ul><p></p><p>KDP uses technologies that are supported by default on <a href="https://www.microsoft.com/en-us/windowsforbusiness/windows10-secured-core-computers?SilentAuth=1" target="_blank">Secured-core PCs</a>, which implement a specific set of device requirements that apply the security best practices of isolation and minimal trust to the technologies that underpin the Windows operating system. KDP enhances the security provided by the features that make up Secured-core PCs by adding another layer of protection for sensitive system configuration data.</p><p></p><p></p><p>The post <a href="https://www.microsoft.com/security/blog/2020/07/08/introducing-kernel-data-protection-a-new-platform-security-technology-for-preventing-data-corruption/" target="_blank">Introducing Kernel Data Protection, a new platform security technology for preventing data corruption</a> appeared first on <a href="https://www.microsoft.com/security/blog/" target="_blank">Microsoft Security.</a></p></blockquote><p></p>