Microsoft launches KDP to prevent data corruption


Cyber-attackers are shifting their methods to corrupt data in order to target a system’s security policy, escalate privileges and, sometimes, even modify data structures.

To ward off such malicious attacks, Microsoft has launched its Kernel Data Protection (KDP) to protect parts of the Windows kernel and drivers via virtualization-based security (VBS).

The protection is a set of APIs that will enable some kernel memory to be in read-only mode, preventing attackers from modifying the protected part.

“We’ve seen attackers use signed but vulnerable drivers to attack policy data structures and install a malicious, unsigned driver,” Microsoft said in a statement.

“KDP mitigates such attacks by ensuring that policy data structures cannot be tampered with.”


Windows’ approach of protecting kernel memory as read-only is said to have implications for the computer programmes that sit at the heart of the operating system.

KDP will be beneficial for inbox components, security products, and even third-party drivers like anti-cheat and digital rights management (DRM) software.

Apart from the security and tamper-proof support, Microsoft adds that its KDP will improve performance by reducing the burden on attestation components. These parts will no longer require periodical verification of data variables that are write-protected.

KDP will also help diagnose memory corruption bugs that don’t necessarily present a security vulnerability.

On the external side, Microsoft sees KDP installation incentivizing driver developers and vendors to enhance compatibility with its virtualization-based security.

KDP uses technologies supported on secured-core PCs as they adhere to specific system requirements, including applying security best practices of isolation and minimal trust to technologies that underpin Windows OS.

When running in the VBS environment VTL1, KDP is set up to protect drivers and software active in the Windows kernel against data-driven attacks.


Printable version | Aug 13, 2020 12:01:52 PM |
