Windows 10 Security: By working with Windows 10 device manufacturers, Microsoft hopes to make firmware security compromises, those that happen before Windows itself boots, a thing of the past. The new initiative sees the introduction of updated “Secured-Core” devices, which have additional protections “baked-in” to defend against targeted firmware attacks.
What are targeted firmware attacks?
These attacks are, by Microsoft’s own admission, far from the norm. However, “in the last three years alone,” David Weston, director of OS security at Microsoft, said, “NIST’s National Vulnerability Database has shown nearly a five-fold increase in the number of firmware vulnerabilities discovered.”
Indeed, for anyone who is on the sharp end of this particular risk-stick, the results can be catastrophic, especially if the victim device is within a financial services or government environment. An advanced persistent threat (APT) attacker, often associated with nation-state groups or well-resourced criminal organizations, that successfully compromises PC firmware gets a truly persistent and stealthy foothold on that machine: a malicious hold that can survive not only reboots but also the re-installation of the operating system or a replacement of the hard drive itself.
Detecting such compromises is as tricky as you might imagine; Microsoft’s own, highly regarded, Windows Defender antivirus protection, like other such applications, runs at the operating system level, above the firmware where such a compromise lives.
Does this sound familiar, Windows users?
Sure, the idea of limiting how an operating system launches is nothing new. Microsoft introduced this, courtesy of Secure Boot, way back in Windows 8. To mitigate the risk of rootkits that run before the operating system itself launches, Secure Boot relied upon Unified Extensible Firmware Interface (UEFI) firmware so that only “properly signed” bootloaders such as the Windows boot manager itself could execute.
Have you spotted the problem with this yet? Yep, that’s right: what if the already trusted firmware itself was compromised? Threats that can exploit vulnerabilities in that trusted firmware are not mitigated by Secure Boot alone. Enter Microsoft and System Guard Secure Launch to protect the boot process from these firmware attacks.
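For defenders who want to see where a given machine stands, the following added example (not from the article or from Microsoft) reports whether Secure Boot is on and whether System Guard Secure Launch is configured and running. The function name `Get-BootIntegrityState` is hypothetical; the example assumes an elevated PowerShell prompt and uses the built-in `Confirm-SecureBootUEFI` cmdlet and the `Win32_DeviceGuard` WMI class, neither of which the article mentions.

```powershell
# Added example: report the boot-integrity state discussed above.
# Get-BootIntegrityState is a hypothetical helper name, not a Windows cmdlet.
function Get-BootIntegrityState {
    # Confirm-SecureBootUEFI returns $true/$false on UEFI systems and throws
    # on non-UEFI (legacy BIOS) systems or when the prompt is not elevated.
    try {
        $secureBoot = if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
    } catch {
        $secureBoot = "Unavailable: $($_.Exception.Message)"
    }

    # Win32_DeviceGuard lists security services by number:
    # 3 = System Guard Secure Launch, 4 = SMM Firmware Measurement.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction SilentlyContinue

    $configured = [bool]($dg -and ($dg.SecurityServicesConfigured -contains 3))
    $running    = [bool]($dg -and ($dg.SecurityServicesRunning -contains 3))
    $smmRunning = [bool]($dg -and ($dg.SecurityServicesRunning -contains 4))

    # The gap the article describes: Secure Boot alone trusts the firmware,
    # so flag machines that have it on but no Secure Launch running.
    $assessment = if ($secureBoot -ne 'Enabled') {
        'Secure Boot is not confirmed as enabled'
    } elseif (-not $running) {
        'Secure Boot only: firmware is still implicitly trusted'
    } else {
        'Secure Boot and System Guard Secure Launch are both active'
    }

    [pscustomobject]@{
        SecureBoot             = $secureBoot
        SecureLaunchConfigured = $configured
        SecureLaunchRunning    = $running
        SmmMeasurementRunning  = $smmRunning
        Assessment             = $assessment
    }
}

Get-BootIntegrityState | Format-List
```

A result of "Secure Boot only" is the case the article warns about: the bootloader signature is checked, but nothing is checking the firmware that does the checking.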