New Microsoft KDP blocks malware by protecting the Kernel

  • KDP uses virtualization-based security (VBS) to protect part of the Windows kernel and drivers from data corruption attacks.
  • Basically, VBS creates and isolates a secure Windows 10 memory region.
  • The Windows kernel is the heart of the operating system.

According to a post on Microsoft’s security blog, attackers who have been warded off by security technologies that prevent memory corruption are currently shifting their focus to data corruption.

“Attackers use data corruption techniques to target system security policy, escalate privileges, tamper with security attestation, modify initialize once data structures, among others.”

To counter the attacks, Microsoft is launching a new technology, Kernel Data Protection (KDP).

How does Kernel Data Protection protect your OS?

KDP uses virtualization-based security (VBS) to protect a portion of the Windows kernel and drivers from data corruption attacks, leveraging hardware virtualization capabilities.

Basically, VBS creates and isolates a secure Windows 10 memory region.

In this way, protecting the kernel memory as read-only also protects third-party inbox components, security products, and DRM drivers.

According to Microsoft, the protection is implemented in two parts:

  • Static KDP allows software running in kernel mode to statically protect part of its own image from manipulation by another entity in VTL0.
  • Dynamic KDP helps kernel-mode software allocate and free up read-only memory from a secure pool. The memory returned from the pool can be initialized only once.

What do I need to get Kernel Data Protection?

You don’t need to do anything special to take advantage of the kernel’s new data protection. If you have VBS support, you can also use KDP with an application in Windows 10.

According to Microsoft, VBS is currently compatible with any computer that supports:

  • Intel, AMD or ARM virtualization extensions
  • Second Level Address Translation: NPT for AMD, EPT for Intel, Stage 2 Address Translation for ARM
  • Optionally, MBEC hardware, which reduces the performance costs associated with HVCI
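
To check these prerequisites on a given machine, the following PowerShell script reads the Win32_DeviceGuard, Win32_Processor and Win32_ComputerSystem WMI classes and reports VBS state, SLAT and MBEC availability. It is an added example, not code from Microsoft or from the original article; the function name Get-VbsReadiness and the output field names are made up for this illustration.

```powershell
# Added example: report the VBS prerequisites listed above for the local machine.
# Run in an elevated PowerShell session on Windows 10 or later.
function Get-VbsReadiness {
    # Value tables for the Win32_DeviceGuard class (keys are Int32).
    $vbsStatus = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }
    $available = @{
        1 = 'Hypervisor support'; 2 = 'Secure Boot'; 3 = 'DMA protection'
        4 = 'Secure Memory Overwrite'; 5 = 'NX protections'
        6 = 'SMM mitigations'; 7 = 'MBEC/GMET'; 8 = 'APIC virtualization'
    }
    $services = @{ 1 = 'Credential Guard'; 2 = 'HVCI (memory integrity)' }

    $dg  = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                           -ClassName Win32_DeviceGuard -ErrorAction Stop
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem

    # Translate numeric codes to names; keep unknown codes visible instead of dropping them.
    $decode = {
        param($codes, $table)
        foreach ($c in @($codes)) {
            if ($table.ContainsKey([int]$c)) { $table[[int]$c] } else { "Unknown ($c)" }
        }
    }

    # Once a hypervisor is running, Win32_Processor reports the virtualization
    # flags as False, so they are only meaningful when HypervisorPresent is False.
    $cpuFlagsReliable = -not $cs.HypervisorPresent

    [pscustomobject]@{
        VbsStatus             = $vbsStatus[[int]$dg.VirtualizationBasedSecurityStatus]
        AvailableProperties   = (& $decode $dg.AvailableSecurityProperties $available) -join ', '
        ServicesRunning       = (& $decode $dg.SecurityServicesRunning $services) -join ', '
        MbecAvailable         = $dg.AvailableSecurityProperties -contains 7
        HvciRunning           = $dg.SecurityServicesRunning -contains 2
        HypervisorPresent     = $cs.HypervisorPresent
        CpuFlagsReliable      = $cpuFlagsReliable
        VirtualizationEnabled = if ($cpuFlagsReliable) { $cpu.VirtualizationFirmwareEnabled } else { $null }
        SlatSupported         = if ($cpuFlagsReliable) { $cpu.SecondLevelAddressTranslationExtensions } else { $null }
    }
}

Get-VbsReadiness | Format-List
```

A VbsStatus of "Enabled and running" means the isolated memory region described above exists on that machine; the output says nothing about whether the installed build includes KDP.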

KDP is already included in the latest version of Windows 10 Insider Build. We don’t know yet when it will be included in the stable version of Windows 10.
