Cyber attackers are changing how they corrupt data in order to bypass system security policy, escalate privileges, and sometimes tamper with kernel data structures outright. To counter these attacks, Microsoft released Kernel Data Protection (KDP), which protects parts of the Windows kernel and drivers through virtualization-based security (VBS). Kernel Data Protection is a set of APIs that lets a driver mark part of kernel memory as read-only, preventing an attacker from modifying the protected region.
“We have seen attackers use signed but vulnerable drivers to attack policy data structures and install a malicious and unsigned driver,” Microsoft said in a statement. “KDP mitigates such attacks by ensuring that policy data structures cannot be manipulated.”
Making kernel memory read-only has implications for the programs at the heart of the operating system. KDP will benefit inbox components, security products, and even third-party drivers such as anti-cheat and digital rights management (DRM) software.
Beyond security and tamper resistance, Microsoft adds that KDP will improve performance by reducing the burden on attestation components: these no longer need to periodically verify data variables that have been write-protected. KDP will also help diagnose memory corruption bugs that are not necessarily security vulnerabilities. Externally, Microsoft expects KDP to give driver developers and vendors an incentive to improve their compatibility with virtualization-based security.
KDP builds on the technologies of Secured-core PCs, which meet a specific set of device requirements that apply the security best practices of isolation and minimal trust to the technologies underpinning the Windows operating system. Running in the VBS VTL1 environment, KDP protects drivers and software running in the Windows kernel from data-based attacks.
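Because KDP depends on VBS being up, the first thing an administrator would check on a machine is whether VBS and its related services are actually running. The script below is an added example, not code from the article or from Microsoft; it queries the `Win32_DeviceGuard` WMI class (a real class exposed under `root\Microsoft\Windows\DeviceGuard`) and decodes the status codes. The function name `Get-VbsStatusReport` and the output layout are this example's own choices.

```powershell
# Added example (not from the article or Microsoft): report whether VBS is running,
# which is the prerequisite environment (VTL1) that KDP relies on.
function Get-VbsStatusReport {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard'

    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
    $vbsState = switch ($dg.VirtualizationBasedSecurityStatus) {
        0       { 'Not enabled' }
        1       { 'Enabled but not running' }
        2       { 'Running' }
        default { "Unknown ($_)" }
    }

    # Service codes reported in SecurityServicesRunning / SecurityServicesConfigured.
    # Only the codes this example decodes are named; others are shown numerically.
    $serviceNames = @{
        1 = 'Credential Guard'
        2 = 'Hypervisor-enforced code integrity (HVCI)'
    }
    $decode = {
        param($codes)
        @($codes | ForEach-Object { if ($serviceNames.ContainsKey([int]$_)) { $serviceNames[[int]$_] } else { "Service code $_" } })
    }

    [pscustomobject]@{
        VbsStatus                   = $vbsState
        ServicesRunning             = & $decode $dg.SecurityServicesRunning
        ServicesConfigured          = & $decode $dg.SecurityServicesConfigured
        AvailableSecurityProperties = @($dg.AvailableSecurityProperties)
        RequiredSecurityProperties  = @($dg.RequiredSecurityProperties)
    }
}

Get-VbsStatusReport | Format-List
```

A `VbsStatus` of `Running` confirms that the hypervisor-backed VTL1 environment exists on the machine; it does not by itself say whether any given driver has opted into KDP, since `Win32_DeviceGuard` exposes no KDP-specific property. `Enabled but not running` usually points at a firmware or hardware prerequisite (Secure Boot, IOMMU, and so on) that the `RequiredSecurityProperties` list can help narrow down.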