Microsoft’s new kernel data protection technology for Windows 10 will make kernel memory read-only
In the constant battle against hackers, Microsoft has just played another card by introducing new kernel data protection technology that will make it harder for attackers to use data corruption techniques to bypass security and elevate risk. privileges.
Kernel Data Protection (KDP) makes sections of kernel memory read-only and prevents data corruption attacks by protecting parts of Windows kernel and drivers with virtualization-based security (VBS).
The technology is said to mitigate a new form of attack seen recently, where hackers exploit signed but vulnerable drivers to install malicious and unsigned drivers which then corrupt memory. With read-only protection, even signed drivers would not be able to modify important memory structures and parameters.
Microsoft has said the technology is needed to ward off attackers as hackers grow frustrated with Code Integrity (CI) and Control Flow Guard (CFG) security technologies and look for other avenues of exploitation.
Microsoft says the technology has other benefits, including:
- Performance improvements – KDP alleviates the load on attestation components, which would no longer need to periodically check data variables that have been write-protected
- Reliability Improvements – KDP makes it easier to diagnose memory corruption bugs that don’t necessarily represent security vulnerabilities
- Engage developers and driver vendors to improve compatibility with virtualization-based security, improving adoption of these technologies across the ecosystem
Not all Windows systems will be able to implement KDP because the platform must support virtualization-based security (VBS). The technology is already available in the latest Insider versions of Windows 10.
Read all the details at Microsoft here.
Going through Betanews