Microsoft has launched a new platform security technology to limit the data corruption techniques that cybercriminals use to target system security policy and tamper with data structures on Windows 10 devices. Named Kernel Data Protection (KDP), the technology limits data corruption attacks by protecting parts of the Windows kernel and drivers through virtualization-based security (VBS).
According to Microsoft, KDP is a set of APIs (application programming interfaces) that provide the ability to mark some kernel memory as read-only, preventing attackers from ever modifying protected memory. "For example, we've seen attackers use signed but vulnerable drivers to attack policy data structures and install a malicious, unsigned driver. KDP mitigates such attacks by ensuring that policy data structures cannot be tampered with," Microsoft said in a statement this week.
Protecting kernel memory as read-only has valuable applications for the Windows kernel, inbox components, security products, and even third-party drivers such as anti-cheat and digital rights management (DRM) software.
KDP uses technologies that are supported by default on Secured-core PCs, which implement a specific set of device requirements that apply the security best practices of isolation and minimal trust to the technologies that underpin the Windows operating system.
"It enhances the security provided by the features that make up Secured-core PCs by adding another layer of protection for sensitive system configuration data," Microsoft said.