TheWindowsClub News

TheWindowsClub Tech News covers the latest Microsoft Windows 10 news, along with other products & services like Office, etc.

Kernel Data Protection to safeguard Windows 10 against memory corruption attacks

Microsoft has come up with a new Kernel security mechanism to prevent data corruption attacks. Attackers continue to shift their focus towards data corruption practices in large numbers, according to Microsoft. Widespread memory corruption prevention technologies such as Integrity (CI) and Control Flow Guard (CFG) prevent attackers from causing trouble to the system memory.

Windows 10 One Billion Monthly Active Users

Microsoft launches Kernel Data Protection

As a result, attackers these days rely on data corruption practices that target system security policy, modify ‘initialize once’ data structures, among other things in large numbers.

To prevent such attacks, Microsoft has announced the launch of new technology. Stands of Kernel Data Protection, KDP uses virtualization-based security (VBS) to safeguard part of the Windows Kernel and drivers against data corruption attacks, courtesy of hardware virtualization features.

The primary goal of Virtualization-based security (VBS) is achieved by creating and isolating a secure region of memory from the Windows 10 operating system.

What is Kernel Data Protection (KDP)

Although we briefly touched upon its purpose, what is Kernel Data Protection as far as the big picture is concerned, you may ask? In a nutshell, KDP helps prevent data corruption attacks. It comprises a series of APIs to mark some kernel memory as read-only.

Kernel Data Protection APIs marking a part of kernel memory as read-only essentially prevent attackers from modifying protected memory. Microsoft wrote:

“We’ve seen attackers use signed but vulnerable drivers to attack policy data structures and install a malicious, unsigned driver. KDP mitigates such attacks by ensuring that policy data structures cannot be tampered with.”

According to Microsoft, Windows kernel, inbox components, security products, and third-party DRM drivers will benefit from the concept of protecting kernel memory as read-only. This way, Microsoft is looking to ensure Windows kernel performance and reliability improvements. It will also incentivize compatibility improvements using VBS and more.

Technologies employed by KDP are compatible with Secured-core PCs implementing a set of device requirements to safeguard the Windows operating system against Kernel-level data corruption attacks.

The KDP implementation of Windows 10 is divided into two parts: Static KDP and Dynamic KDP. Both dynamic and static KDP are already available in the latest Windows 10 Insider Build. Notably, they apply to any kind of memory except for executable pages.

Microsoft has already put up a detailed blog post explaining the implementation of the Kernel Data Protection (KDP) mechanism on the Windows 10 operating system.

Published on Tags:

AnandKhanse@TWC

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP (2016-2022). He enjoys following and reporting Microsoft news and developments in the world of Personal Computing.

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap