
Microsoft’s New Kernel Data Protection Coming to Windows 10

Kernel Data Protection protects Windows 10 system memory by converting it to read-only and storing it in the new VBS technology.


Microsoft's efforts to prevent malware attacks are gaining a new weapon. The firm has this week published technical details about a service called Kernel Data Protection (KDP). This new security tool will soon be integrated into Windows 10.

According to Microsoft, the feature stops malware and other threats from accessing and changing Windows 10's system memory. KDP will allow developers to use programmatic APIs to mark some parts of Windows kernel memory as read-only.

“For example, we've seen attackers use signed but vulnerable drivers to attack policy data structures and install a malicious, unsigned driver,” Microsoft's Base Kernel Team points out. “KDP mitigates such attacks by ensuring that policy data structures cannot be tampered with.”

While Kernel Data Protection is a security-focused feature, Microsoft says it has other abilities. For example, it can be used as a digital rights management tool. Furthermore, the service comes with the following benefits named by Microsoft:

  • “Performance improvements – KDP lessens the burden on attestation components, which would no longer need to periodically verify data variables that have been write-protected
  • Reliability improvements – KDP makes it easier to diagnose memory corruption bugs that don't necessarily represent security vulnerabilities
  • Providing an incentive for driver developers and vendors to improve compatibility with virtualization-based security, improving adoption of these technologies in the ecosystem.”

Details

KDP is built on top of a new technology the company is bringing to Windows 10. Called virtualization-based security (VBS), it uses the underlying PC hardware to create a secure region of memory that is isolated from the normal operating system.

Kernel Data Protection takes the read-only kernel memory and moves it to the VBS. Any Windows 10 machine that supports the new VBS will also receive KDP. Those are PCs that support:

  • “Intel, AMD or ARM virtualization extensions
  • Second-level address translation: NPT for AMD, EPT for Intel, Stage 2 address translation for ARM
  • Optionally, hardware MBEC, which reduces the performance cost associated with HVCI”
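A quick way to check a machine against the prerequisites listed above, as an added example (not code from Microsoft or from this article): it reads the `Win32_DeviceGuard` WMI class and reports gaps. The function name `Test-VbsReadiness` and the sample object are constructed for illustration.

```powershell
# Added example: maps the VBS prerequisites listed above onto Win32_DeviceGuard.
# Documented codes used here:
#   AvailableSecurityProperties:       1 = hypervisor support, 7 = MBEC
#   VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
#   SecurityServicesRunning:           2 = HVCI (memory integrity)
function Test-VbsReadiness {
    param(
        # Pass a constructed object to evaluate offline; omit to query the local machine.
        $DeviceGuard
    )
    if ($null -eq $DeviceGuard) {
        $DeviceGuard = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard -ErrorAction Stop
    }

    $available = @($DeviceGuard.AvailableSecurityProperties)
    $running   = @($DeviceGuard.SecurityServicesRunning)
    $status    = [int]$DeviceGuard.VirtualizationBasedSecurityStatus

    $hypervisor = $available -contains 1
    $mbec       = $available -contains 7
    $hvci       = $running -contains 2

    # Collect gaps a defender would want to follow up on.
    $findings = @()
    if (-not $hypervisor) { $findings += 'No hypervisor support reported: check virtualization extensions and SLAT in firmware.' }
    if ($status -eq 0)    { $findings += 'VBS is not enabled.' }
    if ($status -eq 1)    { $findings += 'VBS is enabled in policy but not running.' }
    if ($hvci -and -not $mbec) { $findings += 'HVCI is running without hardware MBEC: expect a higher performance cost.' }

    [pscustomobject]@{
        HypervisorSupport = $hypervisor
        MbecAvailable     = $mbec
        VbsRunning        = ($status -eq 2)
        HvciRunning       = $hvci
        Findings          = $findings
    }
}

# Constructed sample: hypervisor support present, no MBEC, VBS configured but not running.
$sample = [pscustomobject]@{
    AvailableSecurityProperties       = [uint32[]](1, 2, 3, 5)
    SecurityServicesRunning           = [uint32[]](0)
    VirtualizationBasedSecurityStatus = [uint32]1
}
Test-VbsReadiness -DeviceGuard $sample | Format-List
```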

Source: Microsoft
Luke Jones