Microsoft has introduced a new platform security technology to prevent data corruption techniques being adopted by cybercriminals to target system security policy and tamper with data structures on Windows 10 devices. Called Kernel Data Protection (KDP), the technology prevents data corruption attacks by protecting parts of the Windows kernel and drivers through virtualization-based security (VBS).
According to the company, KDP is a set of APIs (application programming interfaces) that provide the ability to mark some kernel memory as read-only, preventing attackers from ever modifying protected memory. "For example, we've seen attackers use signed but vulnerable drivers to attack policy data structures and install a malicious, unsigned driver. KDP mitigates such attacks by ensuring that policy data structures cannot be tampered with," the tech giant said in a statement this week.
The concept of protecting kernel memory as read-only has valuable applications for the Windows kernel, inbox components, security products, and even third-party drivers like anti-cheat and digital rights management (DRM) software. KDP uses technologies that are supported by default on Secured-core PCs, which implement a specific set of device requirements that apply the security best practices of isolation and minimal trust to the technologies that underpin the Windows operating system. "It enhances the security provided by the features that make up Secured-core PCs by adding another layer of protection for sensitive system configuration data," said Microsoft.