San Francisco: The technology, called Kernel Data Protection (KDP), prevents data corruption attacks by protecting parts of the Windows kernel and drivers through virtualization-based security (VBS).
According to the company, KDP is a set of APIs (application programming interfaces) that provides the ability to mark some kernel memory as read-only, preventing attackers from ever modifying protected memory.
"For example, we've seen attackers use signed but vulnerable drivers to attack policy data structures and install a malicious, unsigned driver. KDP mitigates such attacks by ensuring that policy data structures cannot be tampered with," the tech giant said in a statement this week.
- The concept of protecting kernel memory as read-only has valuable applications for the Windows kernel, inbox components, security products, and even third-party drivers like anti-cheat and digital rights management (DRM) software.
- KDP uses technologies that are supported by default on Secured-core PCs, which implement a specific set of device requirements that apply the security best practices of isolation and minimal trust to the technologies that underpin the Windows operating system.
- "It enhances the security provided by the features that make up Secured-core PCs by adding another layer of protection for sensitive system configuration data," said Microsoft.
(Inputs from IANS)