Microsoft is set to bring a powerful new security feature to Windows 10 that just might be a game-changer.
With security features blocking some users from updating to the latest Windows 10 version 2004, and emergency out-of-band updates for critical flaws making headlines, Windows 10 users are due some good security news, if you ask me. And it has arrived: Microsoft has revealed that a new feature, perhaps best described as security on steroids, has already been rolled out in the latest Windows 10 Insider build. That feature is Kernel Data Protection (KDP), and it promises to be something of a security game-changer.
What is Kernel Data Protection?
In a July 8 technical deep dive by Andrea Allievi of the Security Kernel Core Team, Microsoft introduced what it refers to as a new platform security technology for preventing data corruption. KDP operates by enabling developers to mark certain parts of the Windows kernel and drivers as read-only, by way of a set of application programming interfaces (APIs), and so stop hackers from modifying that protected memory.
The long and short of it is that this will block those threat actors who commonly rely upon data corruption methodologies to facilitate their attacks: attacks that might seek to escalate privileges, install malicious unsigned drivers and software, and more. Hackers, threat actors, those with malicious intent, whatever you call them, have been moving towards data corruption as a favored method of attack for some time now. Microsoft seeks to stop that.
Will you need a Windows 10 Secured-core PC to benefit from KDP?
KDP was first mentioned by Microsoft when Secured-core PCs came onto the market. These “combine identity, virtualization, operating system, hardware and firmware protection,” according to Microsoft. And it’s the virtualization-based security (VBS) aspect that comes to the fore as far as KDP is concerned. The KDP APIs mean that the parts of Windows kernel memory labeled as read-only are isolated from the rest of the operating system by VBS.
The good news is that even if you don’t yet have a Secured-core PC, both KDP and VBS will work on Windows 10 computers that support ARM, AMD or Intel virtualization extensions along with second-level address translation. More information is provided in the deep dive posting and in a document on the Microsoft hardware dev center site.
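As an added example, not taken from the article or from Microsoft, here is a PowerShell check a defender can run to see whether a machine meets the prerequisites the article lists for VBS, and therefore for KDP: virtualization extensions, second-level address translation (SLAT), and VBS actually running. It relies on the standard Windows 10 WMI classes Win32_Processor and Win32_DeviceGuard; the function name Get-KdpPrerequisiteReport is a hypothetical one chosen for this example.

```powershell
# Added example (not from the article or Microsoft): report whether this Windows 10
# machine meets the hardware and VBS prerequisites the article lists for KDP.
# Run from an elevated PowerShell prompt.

function Get-KdpPrerequisiteReport {
    # Win32_Processor exposes the CPU capabilities VBS depends on.
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1

    # Win32_DeviceGuard reports VBS state:
    # 0 = not enabled, 1 = enabled but not running, 2 = running.
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard `
                          -ClassName Win32_DeviceGuard

    $vbsStatus = switch ($dg.VirtualizationBasedSecurityStatus) {
        0       { 'Not enabled' }
        1       { 'Enabled, not running' }
        2       { 'Running' }
        default { "Unknown ($($dg.VirtualizationBasedSecurityStatus))" }
    }

    # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (memory integrity).
    $hvciRunning = @($dg.SecurityServicesRunning) -contains 2

    [pscustomobject]@{
        Processor                     = $cpu.Name
        VirtualizationFirmwareEnabled = $cpu.VirtualizationFirmwareEnabled
        VMMonitorModeExtensions       = $cpu.VMMonitorModeExtensions          # Intel VT-x / AMD-V
        SecondLevelAddressTranslation = $cpu.SecondLevelAddressTranslationExtensions
        VbsStatus                     = $vbsStatus
        HvciRunning                   = $hvciRunning
        # True when the article's stated prerequisites are all satisfied.
        VbsPrerequisitesMet           = ([bool]$cpu.VMMonitorModeExtensions -and
                                         [bool]$cpu.SecondLevelAddressTranslationExtensions -and
                                         $dg.VirtualizationBasedSecurityStatus -eq 2)
    }
}

Get-KdpPrerequisiteReport | Format-List
```

One caveat when reading the output: once a hypervisor is already running, Win32_Processor can report the virtualization properties as False because the CPU features are no longer exposed to the host partition, so treat VbsStatus (from Win32_DeviceGuard) as the authoritative indicator and the processor fields as supporting evidence. A machine that passes this check has the VBS foundation KDP builds on; whether KDP itself is present still depends on the build being the Insider release the article describes.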
“KDP enhances the security provided by the features that make up Secured-core PCs by adding another layer of protection for sensitive system configuration data,” Allievi said.
How long until KDP comes to all Windows 10 users?
The one thing that Allievi isn’t saying, and I cannot tell you, is precisely when the KDP feature will come out of Windows Insider testing and into mainstream release. Let’s hope it’s not too long for those of us with the hardware to support it, as anything that effectively reduces the Windows 10 attack surface by minimizing attack vectors really can’t come too soon.