Windows 10 KDP anti-malware protection

Microsoft is testing a new Windows 10 security feature, Kernel Data Protection (KDP), designed to block malicious actors from corrupting drivers and software running in the Windows kernel.

“For example, we’ve seen attackers use signed but vulnerable drivers to attack policy data structures and install a malicious, unsigned driver,” Microsoft said on the Security Kernel Core Team blog. “KDP mitigates such attacks by ensuring that policy data structures cannot be tampered with.”

Beyond tamper protection, KDP has other benefits:

• Performance improvements – KDP lessens the burden on attestation components, which would no longer need to periodically verify data variables that have been write-protected
• Reliability improvements – KDP makes it easier to diagnose memory corruption bugs that don’t necessarily represent security vulnerabilities
• Providing an incentive for driver developers and vendors to improve compatibility with virtualization-based security, improving adoption of these technologies in the ecosystem

Highlights: virtualization-based security used to secure kernel memory; already released for Windows 10 Insiders.


Source: BleepingComputer