Microsoft’s New Kernel Data Protection Coming to Windows 10

Kernel Data Protection lets Windows 10 mark selected kernel memory as read-only and uses virtualization-based security (VBS) to enforce that protection from the hypervisor, so that even code running in the kernel cannot undo it.

Microsoft's efforts to prevent malware attacks are gaining a new weapon. The firm has this week published technical details about a platform security technology called Kernel Data Protection (KDP), which will soon be integrated into Windows 10.

According to Microsoft, the feature stops malware and other threats from tampering with parts of Windows 10's kernel memory. KDP gives driver developers programmatic APIs to mark some of their kernel data as read-only. Once protected, the data cannot be modified even by code running in kernel mode, because the restriction is enforced by the hypervisor rather than by the kernel's own page tables, which an attacker with a kernel write primitive could otherwise rewrite.

“For example, we've seen attackers use signed but vulnerable drivers to attack policy data structures and install a malicious, unsigned driver,” Microsoft's Base Kernel Team points out. “KDP mitigates such attacks by ensuring that policy data structures cannot be tampered with.”

While Kernel Data Protection is a security-focused feature, Microsoft says it has other uses as well; for example, digital rights management (DRM) software can use it to protect its own data. Microsoft also names the following benefits:

  • “Performance improvements – KDP lessens the burden on attestation components, which would no longer need to periodically verify data variables that have been write-protected
  • Reliability improvements – KDP makes it easier to diagnose memory corruption bugs that don't necessarily represent security vulnerabilities
  • Providing an incentive for driver developers and vendors to improve compatibility with virtualization-based security, improving adoption of these technologies in the ecosystem.”


KDP builds on virtualization-based security (VBS), which uses the PC's hardware virtualization support to run the Windows hypervisor and carve out a secure region of memory that is isolated from the normal operating system.

Kernel Data Protection does not move the protected memory into that secure region. The data stays where the driver placed it, but the hypervisor's second-level address translation tables mark it read-only, so a write from anywhere in the normal kernel is blocked regardless of what the kernel's own page tables say. Any machine that supports VBS will therefore also get KDP. Those PCs are ones that support:

  • “Intel, AMD or ARM virtualization extensions
  • Second-level address translation: NPT for AMD, EPT for Intel, Stage 2 address translation for ARM
  • Optionally, hardware MBEC, which reduces the performance cost associated with HVCI”
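A practitioner who wants to know whether a given Windows 10 machine meets the prerequisites listed above can read them back from the Win32_DeviceGuard WMI class. The script below is an added example and is not code from Microsoft's announcement; it assumes a 64-bit Windows 10 host that exposes the root\Microsoft\Windows\DeviceGuard namespace (present since Windows 10 1607) and is run from an elevated PowerShell prompt. The numeric codes it decodes are the documented values for AvailableSecurityProperties, SecurityServicesRunning and VirtualizationBasedSecurityStatus; the function name Test-KdpPrerequisites is this example's own.

```powershell
# Added example (not part of Microsoft's KDP announcement): report whether the
# hypervisor, HVCI and hardware MBEC that KDP relies on are present and running.
# Assumes Windows 10 x64 with the DeviceGuard WMI namespace and an elevated shell.
function Test-KdpPrerequisites {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard'

    # Documented meanings of the codes exposed by Win32_DeviceGuard.
    $vbsStatus  = @{ 0 = 'not enabled'; 1 = 'enabled but not running'; 2 = 'enabled and running' }
    $properties = @{
        1 = 'Hypervisor (virtualization extensions) support'
        2 = 'Secure Boot'
        3 = 'DMA protection'
        4 = 'Secure Memory Overwrite'
        5 = 'UEFI Code Readonly'
        6 = 'SMM Security Mitigations 1.0'
        7 = 'Mode Based Execution Control (MBEC)'
        8 = 'APIC virtualization'
    }
    $services = @{
        1 = 'Credential Guard'
        2 = 'Hypervisor-protected Code Integrity (HVCI)'
        3 = 'System Guard Secure Launch'
        4 = 'SMM Firmware Measurement'
    }

    # Hashtable keys are Int32; the WMI values are UInt32, so cast before indexing.
    "VBS status: $($vbsStatus[[int]$dg.VirtualizationBasedSecurityStatus])"

    'Available security properties:'
    foreach ($code in $dg.AvailableSecurityProperties) {
        $name = if ($properties.ContainsKey([int]$code)) { $properties[[int]$code] } else { "unknown code $code" }
        "  [$code] $name"
    }

    'Security services running:'
    foreach ($code in $dg.SecurityServicesRunning) {
        $name = if ($services.ContainsKey([int]$code)) { $services[[int]$code] } else { "unknown code $code" }
        "  [$code] $name"
    }

    # The three checks that matter for KDP: the hypervisor must be running, HVCI must
    # be on, and MBEC should be in hardware (optional, but it avoids HVCI's software
    # emulation cost, which is the performance hit the prerequisites list alludes to).
    $result = [pscustomobject]@{
        VbsRunning  = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        HvciRunning = ($dg.SecurityServicesRunning -contains 2)
        HardwareMbec = ($dg.AvailableSecurityProperties -contains 7)
    }

    if (-not $result.VbsRunning)   { Write-Warning 'VBS is not running; KDP cannot be enforced until the hypervisor is enabled.' }
    if (-not $result.HvciRunning)  { Write-Warning 'HVCI (Memory integrity) is not running.' }
    if (-not $result.HardwareMbec) { Write-Warning 'No hardware MBEC reported; HVCI falls back to slower software emulation.' }

    # SLAT (EPT/NPT) is not reported by Win32_DeviceGuard. systeminfo.exe lists it under
    # "Hyper-V Requirements", but only while no hypervisor is running; once VBS is up,
    # systeminfo prints "A hypervisor has been detected" instead, which itself implies SLAT.
    $slat = systeminfo.exe | Select-String 'Second Level Address Translation'
    if ($slat) { $slat.Line.Trim() } else { 'SLAT line not shown by systeminfo (a hypervisor is already running).' }

    return $result
}

Test-KdpPrerequisites
```

Run it once before and once after enabling memory integrity in Windows Security; the VBS status should move from 0 or 1 to 2 and code 2 should appear under "Security services running". Absence of code 7 does not prevent VBS or KDP from working, it only means HVCI pays the emulation cost the requirements list mentions.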