To counter the attacks, Microsoft is launching a new technology, Kernel Data Protection (KDP).

How does Kernel Data Protection protect your OS?

KDP uses virtualization-based security (VBS) to protect parts of the Windows kernel and of drivers against data corruption attacks, building on hardware virtualization features. VBS creates a secure region of memory and isolates it from the normal Windows 10 environment. Marking kernel memory in that region as read-only protects not only inbox components but also security products and third-party drivers such as DRM software. According to Microsoft, the protection is implemented in two parts:

Static KDP lets software running in kernel mode protect a section of its own image so that it cannot be tampered with by any other entity in VTL0 (the normal, non-secure world).

Dynamic KDP lets kernel-mode software allocate and release read-only memory from a secure pool. Memory returned from the pool can be initialized only once; after that it stays read-only.
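The allocate, initialize once, read-only thereafter contract of dynamic KDP is easy to get wrong in one's head, so here is an added user-mode analogue of it in C. This is example code written for this page, not Microsoft's KDP API and not code from the original article: it models the secure pool with POSIX mmap/mprotect, hands out page-sized chunks, seals each chunk on its first initialization, rejects a second initialization, and then probes (via a SIGSEGV handler) that a write to a sealed chunk really faults. The pool type, function names and the sample policy string are all hypothetical. The real mechanism differs in one security-relevant way: KDP's read-only mapping is enforced by the hypervisor's second-level address translation, which VTL0 kernel code cannot edit, whereas this model only uses page tables that the same process could flip back with another mprotect call.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define POOL_MAX_PAGES 64

/* Hypothetical user-mode model of a KDP-style secure pool (not Microsoft's API). */
typedef struct {
    unsigned char *base;                  /* page-aligned region backing the pool */
    size_t page;                          /* system page size */
    size_t npages;                        /* pages in the pool */
    size_t next;                          /* index of the next unallocated page */
    unsigned char sealed[POOL_MAX_PAGES]; /* 1 once a page has been initialized and made read-only */
} secure_pool_t;

static int secure_pool_create(secure_pool_t *p, size_t npages) {
    if (npages > POOL_MAX_PAGES) return -1;
    memset(p, 0, sizeof *p);
    p->page = (size_t)sysconf(_SC_PAGESIZE);
    p->npages = npages;
    p->base = mmap(NULL, npages * p->page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p->base == MAP_FAILED ? -1 : 0;
}

static void secure_pool_destroy(secure_pool_t *p) {
    munmap(p->base, p->npages * p->page);
}

/* Hands out one page. It is writable only until secure_pool_init_once seals it. */
static void *secure_pool_alloc(secure_pool_t *p) {
    if (p->next >= p->npages) return NULL;
    return p->base + (p->next++) * p->page;
}

/* One-time initialization: copy the data in, then drop write permission for good.
 * Returns 0 on success, -1 if the chunk was already sealed or the data does not fit. */
static int secure_pool_init_once(secure_pool_t *p, void *chunk, const void *data, size_t len) {
    size_t idx = ((unsigned char *)chunk - p->base) / p->page;
    if (idx >= p->npages || p->sealed[idx] || len > p->page) return -1;
    memcpy(chunk, data, len);
    if (mprotect(chunk, p->page, PROT_READ) != 0) return -1;
    p->sealed[idx] = 1;
    return 0;
}

/* Probe helper: attempt a one-byte write and report whether it faulted. */
static sigjmp_buf g_probe;
static void on_fault(int sig) { (void)sig; siglongjmp(g_probe, 1); }

/* Returns 1 if writing to ptr faults (read-only is enforced), 0 if the write goes through. */
static int write_is_blocked(volatile unsigned char *ptr) {
    struct sigaction sa, old_segv, old_bus;
    int blocked = 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    if (sigsetjmp(g_probe, 1) == 0) {
        *ptr = *ptr;            /* the attempted write; faults on a sealed page */
    } else {
        blocked = 1;            /* we arrived here from the fault handler */
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return blocked;
}

/* Runs the whole scenario; returns 1 when the pool behaves as dynamic KDP promises. */
static int secure_pool_demo(void) {
    secure_pool_t pool;
    const char policy[] = "driver allow-list v1";   /* constructed sample data */
    if (secure_pool_create(&pool, 2) != 0) return 0;

    unsigned char *cfg = secure_pool_alloc(&pool);
    if (secure_pool_init_once(&pool, cfg, policy, sizeof policy) != 0) return 0;
    int reinit_rejected = secure_pool_init_once(&pool, cfg, "x", 1) == -1;
    int write_blocked   = write_is_blocked(cfg);
    int content_intact  = memcmp(cfg, policy, sizeof policy) == 0;

    unsigned char *scratch = secure_pool_alloc(&pool);   /* allocated but never sealed */
    int unsealed_writable = !write_is_blocked(scratch);

    secure_pool_destroy(&pool);
    return reinit_rejected && write_blocked && content_intact && unsealed_writable;
}

int main(void) {
    printf("secure pool behaves as expected: %s\n", secure_pool_demo() ? "yes" : "no");
    return 0;
}
```

The sealed chunk keeps its contents, rejects a second initialization, and faults on write, while an allocated-but-unsealed chunk stays writable until it is initialized; that is the lifecycle the paragraph above describes.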

What do I need to get Kernel Data Protection?

You don’t have to do anything special to benefit from the new Kernel Data Protection. If your machine supports VBS, KDP is available to software on Windows 10 as well. According to Microsoft, VBS is currently supported on any computer that has:

Intel, AMD or ARM virtualization extensions
Second-level address translation: NPT for AMD, EPT for Intel, Stage 2 address translation for ARM
Optionally, hardware MBEC, which reduces the performance cost associated with HVCI

KDP is already included in the latest Windows 10 Insider Build. We don’t know yet when it will be included in the Windows 10 stable release.
