Microsoft Hardware-Enforced Stack Protection Arrives on Windows

Hardware-enforced Stack Protection allows users to protect their apps by leveraging their CPU. It is currently in preview.

Microsoft has this week announced “Hardware-enforced Stack Protection,” a new security feature for Windows. According to the company, the feature will allow apps to tap into the local CPU to protect their code while it runs in system memory.

The area in question is the memory stack, the region where a running application keeps its return addresses and local data, and the new feature protects it from tampering. Hardware-enforced Stack Protection does this by adding management restrictions enforced by modern CPU hardware, using shadow stacks.

We were not familiar with shadow stacks, but Microsoft describes them as copies of an app's intended execution order. With the feature, the system will use features in supported CPUs to maintain a shadow copy of the app's stack.

Microsoft explains how this will work:

“Hardware-enforced Stack Protection offers robust protection against ROP exploits since it maintains a record of the intended execution flow of a program. To ensure smooth ecosystem adoption and application compatibility, Windows will offer this protection as an opt-in model, so developers can receive this protection, at your own pace.”

Currently in Preview

In other words, the feature is meant to stop malware from hijacking an app's execution flow and taking control of it. Hari Pulapaka, manager for the Kernel Group, says the feature is currently available on the Fast Ring of the Windows Insider program and is still in early development.

“In order to receive Hardware-enforced stack protection on your application, there is a new linker flag which sets a bit in the PE header to request protection from the kernel for the executable,” Pulapaka explained in a blog post.

“If the application sets this bit and is running on supported and shadow stack-compliant hardware, the Kernel will maintain shadow stacks throughout the runtime of the program,” Microsoft adds.
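As an added example (not code from the article or from Microsoft), here is a Python check for whether a given binary carries that opt-in bit, so a defender can audit which images actually request the protection. The article does not name the flag; the MSVC linker option is /CETCOMPAT, and the bit it sets, IMAGE_DLLCHARACTERISTICS_EX_CET_COMPAT, is stored in a debug-directory entry of type IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS (both constants taken from winnt.h). The sample image below is constructed inline, headers only, purely to exercise the parser.

```python
import struct
IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS = 20  # winnt.h: extended DLL characteristics entry
IMAGE_DLLCHARACTERISTICS_EX_CET_COMPAT = 0x01  # winnt.h: CET / shadow-stack opt-in bit
DEBUG_DIRECTORY_INDEX = 6  # IMAGE_DIRECTORY_ENTRY_DEBUG

def _rva_to_offset(rva, sections):
    for va, raw_size, raw_ptr in sections:  # (VirtualAddress, SizeOfRawData, PointerToRawData)
        if va <= rva < va + raw_size:
            return rva - va + raw_ptr
    raise ValueError("RVA not backed by any section")

def is_cet_compat(pe: bytes) -> bool:
    """True if the image's PE header requests Hardware-enforced Stack Protection."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE image")
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]  # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsec, opt_size = struct.unpack_from("<H", pe, pe_off + 6)[0], struct.unpack_from("<H", pe, pe_off + 20)[0]
    opt = pe_off + 24  # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    data_dirs = opt + (112 if magic == 0x20B else 96)  # PE32+ vs PE32 layout
    dbg_rva, dbg_size = struct.unpack_from("<II", pe, data_dirs + 8 * DEBUG_DIRECTORY_INDEX)
    if dbg_rva == 0:
        return False  # no debug directory, so no extended characteristics either
    sec_hdr = opt + opt_size
    sections = [struct.unpack_from("<III", pe, sec_hdr + 40 * i + 12) for i in range(nsec)]
    dbg_off = _rva_to_offset(dbg_rva, sections)
    for i in range(dbg_size // 28):  # each IMAGE_DEBUG_DIRECTORY entry is 28 bytes
        typ, size, _, raw_ptr = struct.unpack_from("<IIII", pe, dbg_off + 28 * i + 12)
        if typ == IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS and size >= 4:
            flags = struct.unpack_from("<I", pe, raw_ptr)[0]
            return bool(flags & IMAGE_DLLCHARACTERISTICS_EX_CET_COMPAT)
    return False

def build_sample_pe(cet_compat: bool) -> bytes:
    """Constructed minimal PE32+ (headers only, not loadable) with one section holding a type-20 debug entry."""
    img = bytearray(0x400)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)  # e_lfanew -> PE signature at 0x40
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x44, 0x8664, 1, 0, 0, 0, 240, 0x22)  # COFF: 1 section, 240-byte opt hdr
    opt = 0x58
    struct.pack_into("<H", img, opt, 0x20B)  # PE32+ magic
    struct.pack_into("<II", img, opt + 112 + 8 * DEBUG_DIRECTORY_INDEX, 0x1000, 28)  # debug dir RVA/size
    struct.pack_into("<IIII", img, opt + 240 + 8, 0x200, 0x1000, 0x200, 0x200)  # section: VA 0x1000 -> file 0x200
    struct.pack_into("<IIII", img, 0x200 + 12, IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS, 4, 0x1020, 0x220)
    struct.pack_into("<I", img, 0x220, IMAGE_DLLCHARACTERISTICS_EX_CET_COMPAT if cet_compat else 0)
    return bytes(img)
```

On a real binary, `is_cet_compat(open(path, "rb").read())` reports the same bit that dumpbin /headers lists under Extended DLL Characteristics.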