Called Kernel Data Protection (KDP), the technology prevents data corruption attacks by protecting parts of the Windows kernel and drivers through virtualization-based security (VBS).
According to the company, KDP is a set of APIs (application programming interfaces) that let the kernel and drivers mark selected kernel memory as read-only, preventing attackers from ever modifying protected memory.
“For example, we’ve seen attackers use signed but vulnerable drivers to attack policy data structures and install a malicious, unsigned driver. KDP mitigates such attacks by ensuring that policy data structures cannot be tampered with,” the tech giant said in a statement this week.
The concept of protecting kernel memory as read-only has valuable applications for the Windows kernel, inbox components, security products, and even third-party drivers like anti-cheat and digital rights management (DRM) software.
KDP uses technologies that are supported by default on…