Windows 10 security: Microsoft reveals 'Secured-core' to block firmware attacks

The new layer of security is for high-end PCs and the first Windows 10 'Secured-core' PC is the Arm-powered Surface Pro X.

Buying a new Windows PC? Find the features that matter most There’s more to the right hardware choice than speeds and feeds. Ed Bott shares some features from the latest generation of PCs that will make you more productive and less frustrated. Read more: https://zd.net/2A3S6y1

While Apple has complete control over the hardware and operating system, Microsoft historically has not. 

But now Microsoft is aiming to bring its control over hardware up to Apple's level through partnerships with Windows PC makers. The goal is to protect devices from attacks that exploit the fact that firmware has higher privileges than the Windows kernel.

Microsoft these days is also a hardware company and it's taken DRM-hacking lessons learned from the Xbox and applied them to the Windows hardware ecosystem under the new 'Secured-core' initiative. 

Consumers won't see any 'Secured-core' branding on PCs and the technology will only exist on the latest Windows 10 hardware with chipsets from Intel, Qualcomm, and AMD. 

SEE: 20 pro tips to make Windows 10 work the way you want (free PDF)    

But on new high-end hardware like the Surface Pro X and HP's Dragonfly laptops, consumers will enjoy an extra layer of security that isolates encryption keys and identity material from Windows 10, which could be compromised by attacks on device-specific firmware.   

At its heart, the new firmware protection comes from a Windows Defender feature called System Guard. That feature is intended to protect Windows 10 PCs from new attacks used by the likes of state-sponsored hacking group APT28 or Fancy Bear, which was caught late last year using a novel Unified Extensible Firmware Interface (UEFI) rootkit to target Windows PCs.   

"If you get a piece of kernel-level malware on your standard operating system, the attacker can't access critical features," Dave Weston, partner director of Windows security at Microsoft, told ZDNet.   

"It's pretty similar to what other manufacturers might be doing with a specific security chip, but we are doing this across all different manners of CPU architectures and OEMs, so we can bring this to a much broader audience, and they can select the form factor or product that matches them but with the same security guarantees as if Microsoft created it." 

Weston is responsible for the security engineering of Windows, Windows Server, the Azure OS, as well as Windows Red Team, which focuses on offensive security research

The overall approach is derived from Microsoft's experience in preventing people from hacking its Xbox gaming consoles. 

"Xbox has a very advanced threat model because we don't trust the user even in physical possession of the device. We don't want the user to be able to hack the console to run their own games," said Weston. 

"Also, when you take it out of the game domain and you put into the real-world physical domain, you want the same guarantee that an attacker cannot access your code and data. We took our own learnings and worked with silicon vendors to develop a strategy to deal with advanced threats." 

Special feature

Special report: A winning strategy for cybersecurity (free PDF)

This ebook, based on the latest ZDNet/TechRepublic special feature, offers a detailed look at how to build risk management policies to protect your critical digital assets.

Read More

Microsoft already has Secure Boot. However, that feature assumes the firmware is trusted to verify bootloaders, meaning attackers can exploit trusted firmware. APT28's rootkit was not properly signed, which meant Windows PCs with Windows Secure Boot enabled were not vulnerable because the system only permits signed firmware to load.

However, once infected, APT28's malware could survive an OS reinstall or hardware drive replacement. 

Microsoft's new security initiative comes as attackers and security researchers increasingly turn their attention to firmware. Disclosed firmware vulnerabilities were fewer than 50 in 2016, but jumped to 400 in 2017, and to just under 500 in 2018. 

The reason firmware is so attractive to attackers is that the firmware layer has greater access and higher privileges than hypervisors, like Microsoft's Hyper-V, and the Windows kernel.

Attack the firmware, and features like Secure Boot are undermined. Antivirus also has limited visibility of what's happening at the firmware layer, giving attackers a cloak to operate under.

SEE: Microsoft is offering a 'free' Windows 7 extended security update to some business users

Microsoft offered this explanation of Windows Defender's System Guard Secure, highlighting that it also helps protect its virtualization-based security.  

"System Guard uses the Dynamic Root of Trust for Measurement (DRTM) capabilities that are built into the latest silicon from AMD, Intel, and ARM to enable the system to leverage firmware to start the hardware and then shortly after re-initialize the system into a trusted state by using the OS boot loader and processor capabilities to send the system down a well-known and verifiable code path," Microsoft said. 

It added that the mechanism helps limit the trust assigned to firmware and so provides a strong mitigation against sophisticated targeted threats against firmware. 

"This capability also helps to protect the integrity of the virtualization-based security (VBS) functionality implemented by the hypervisor from firmware compromise. VBS then relies on the hypervisor to isolate sensitive functionality from the rest of the OS which helps to protect the VBS functionality from malware that may have infected the normal OS even with elevated privileges," Microsoft said.  

"Protecting VBS is critical since it is used as a building block for important OS security capabilities like Windows Defender Credential Guard, which protects against malware maliciously using OS credentials and Hypervisor-protected Code Integrity (HVCI) which ensures that a strict code integrity policy is enforced and that all kernel code is signed and verified."