Microsoft has this week announced “Hardware-enforced Stack Protection,” a new security feature for Windows 10. According to the company, the feature will allow apps to use capabilities of the local CPU to protect their code while it is running in system memory.
The region involved is the (memory) stack, and the new feature helps protect it while an application's code is executing. Hardware-enforced Stack Protection does this by adding management restrictions enforced by modern CPU hardware, together with shadow stacks.
We were not familiar with shadow stacks, but Microsoft describes them as copies of an app’s intended execution order. With the feature, the system uses security features in the CPU to keep a shadow copy of the app’s stack.
Microsoft explains how this will work:
“Hardware-enforced Stack Protection offers robust protection against ROP exploits since it maintains a record of the intended execution flow of a program. To ensure smooth ecosystem adoption and application compatibility, Windows will offer this protection as an opt-in model, so developers can receive this protection, at your own pace.”
Currently in Preview
In other words, the feature will stop malware from hijacking an app and taking control of its code. Hari Pulapaka, manager for the Microsoft Windows Kernel Group, says the tool is currently available on the Fast Ring of the Windows Insider program and is still in early development.
“In order to receive Hardware-enforced stack protection on your application, there is a new linker flag which sets a bit in the PE header to request protection from the kernel for the executable,” Pulapaka explained in a blog post.
“If the application sets this bit and is running on a supported Windows build and shadow stack-compliant hardware, the Kernel will maintain shadow stacks throughout the runtime of the program,” Microsoft adds.
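To make concrete what "maintaining a record of the intended execution flow" buys a defender, here is a small, self-contained model of a shadow stack. It is an added illustration written for this article, not Microsoft's code and not how the Windows kernel or CPU implement the feature: a toy instruction set with `call`/`ret`, an ordinary stack that an attacker can overwrite (standing in for a stack-buffer overflow), and a separate shadow stack that records every return address on `call` and checks it on `ret`. The program, the "gadget" address and the corruption step are constructed sample values.

```python
"""Toy shadow-stack model (constructed illustration, not Windows or CPU code).

Every CALL pushes the return address onto both the ordinary stack and a
separate shadow stack.  Every RET pops both and compares them.  A mismatch
means the saved return address on the ordinary stack was tampered with,
which is exactly what a ROP chain relies on, so execution is stopped
instead of continuing at the attacker-chosen address.
"""


class ControlFlowViolation(Exception):
    """Raised when a RET target disagrees with the shadow stack."""


# Constructed sample program.  Index 5 plays the role of a "gadget" the
# attacker would like to reach by overwriting the saved return address.
PROGRAM = [
    ("call", 3),     # 0: main calls func
    ("nop", None),   # 1: legitimate return point
    ("halt", None),  # 2
    ("nop", None),   # 3: func body (imagine a stack-buffer overflow here)
    ("ret", None),   # 4
    ("nop", None),   # 5: attacker's "gadget"
    ("halt", None),  # 6
]


def execute(program, corruptions=None, enforce=True, max_steps=1000):
    """Run a toy program and return the list of executed instruction indices.

    corruptions maps an instruction index to a value that is written over
    the top of the ordinary stack when execution reaches that index.  This
    simulates a memory-safety bug overwriting a saved return address.
    enforce=False keeps the shadow stack but skips the check, to show how
    the hijacked return proceeds without the protection.
    """
    corruptions = corruptions or {}
    stack = []    # ordinary stack: writable data, holds return addresses
    shadow = []   # shadow stack: protected copy of the same return addresses
    trace = []
    pc = 0
    for _ in range(max_steps):
        op, arg = program[pc]
        trace.append(pc)
        # Simulated corruption: overwrite the saved return address.
        if pc in corruptions and stack:
            stack[-1] = corruptions[pc]
        if op == "call":
            stack.append(pc + 1)
            shadow.append(pc + 1)
            pc = arg
        elif op == "ret":
            if not stack:
                raise RuntimeError("ret with empty stack")
            target = stack.pop()
            expected = shadow.pop()
            if enforce and target != expected:
                raise ControlFlowViolation(
                    f"ret to {target} but shadow stack expected {expected}")
            pc = target
        elif op == "nop":
            pc += 1
        elif op == "halt":
            return trace
        else:
            raise ValueError(f"unknown op {op!r}")
    raise RuntimeError("step limit exceeded")


def violation_detected(program, corruptions):
    """True if the shadow-stack check aborts the corrupted run."""
    try:
        execute(program, corruptions, enforce=True)
    except ControlFlowViolation:
        return True
    return False


if __name__ == "__main__":
    print("benign run:      ", execute(PROGRAM))
    print("hijacked, no SS: ", execute(PROGRAM, {4: 5}, enforce=False))
    print("hijacked, SS on: ", "blocked" if violation_detected(PROGRAM, {4: 5})
          else "not blocked")
```

The three runs show the whole point: the benign program returns to index 1, the corrupted program without enforcement silently continues at the gadget (index 5), and with the shadow-stack check the same corruption is caught at the `ret` before any attacker-chosen instruction executes. Real hardware keeps the shadow stack in memory that ordinary stores cannot write, which is why the overflow cannot simply corrupt both copies.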