For PC manufacturing and silicon partners, Microsoft is collaborating to develop computers with a stable firmware layer.
The project aims to counter threats targeting firmware and operating systems with the help of Secured-Core PCs, computers that apply best practice for protection to firmware.
Such tools, explains the technology giant, are tailored for sectors such as financial services, public authorities and health care, as well as staff who manage highly sensitive Data, consumer and personal information.
These data is highly useful to hackers of nation-states, and the Russian-linked Strontium hacking group has already been observed with firmware vulnerabilities in its attacks making malicious code difficult to detect and delete.
The firmware that initializes the device’s hardware and other code has a higher level of access and permissions than the hypervisor and the operational machine kernel.
“Secure boot attacks can bypass protections and other security features introduced by the hypervisor or operating system making it harder to determine if the device or client has been compromised,” states Microsoft.
In addition, the security and detection solutions of endpoints have minimal visibility in the firmware, enabling the evasion of attackers targeting this layer.
The tech giant believes that secure-core PCs can escape these attacks because they incorporate identity, virtualization, the operating system, hardware and firmware security. This allows devices to boot securely and to be protected from firmware vulnerabilities while protecting both the operating system and data.
SecOps and IT administrators can also exploit the built-in framework to remotely track health systems and install a software based null-confidence network.
Introducing stable boot on Windows 8 was the first step taken by Microsoft in secure firmware to mitigate risk, such as bootloaders and rootkits.Nevertheless, Secure Boot cannot secure the trusted firmware from threats to vulnerabilities.
“Windows 10 is now introducing Secure Launch System Guard as a primary secure-core PC system feature to protect the boot phase from firmware attacks with new hardware from AMD, Intel and Qualcomm,” Microsoft states.
System Guard uses the Dynamic Root Trust for Measurement (DRTM) functionality of the new AMD, Intel, and Qualcomm silicon to ensure the system restarts to a trustworthy state by increasing firmware trust and mitigating threats.
The capacity is also designed to protect from firmware intrusion the reliability of the virtualisation-based security (VBS) features of the hypervisor.
“And VBS relies on the hypervisor to isolate critical features from the rest of the OS which helps to protect VBS from malware that can have even high privileges infected the regular OS,” says Microsoft.
Secured-core PCs have Trusted Platform Module2.0 (TPM) which tests components that are used during stable release to allow customers to use a System Guard runtime certificate for a zero trust network.
Secured-core PC capabilities should be complemented by a defense-in-depth approach including software security review, automatic updates and a reduction in the area of attack.
Further data on devices such as Dell, Dynabook, HP, Lenovo, Panasonic and Surface that are checked can be accessed on this page.
Source : HackerCombat