There has been a significant increase in the firmware level attacks over the past few years. Microsoft is constantly trying to cope-up with increasing security vulnerabilities in order to protect PC users. However, the attackers always come up with new ways to break into our systems.
It seems like Microsoft’s engineers have found a solution to deal with combat firmware attacks. The Redmond giant has now has announced a new product line called Secured-core PCs. These devices have been specifically designed to protect against the attacks targetted at the firmware level. Moreover, the Secured-core PCs also prevent hackers to access data stored on your disk.
For those who are curious to know how Microsoft managed to implement the strategy, the company basically collaborated with PC and silicon manufacturers. According to Microsoft, these PCs “meet a specific set of device requirements that apply the security best practices of isolation and minimal trust to the firmware layer, or the device core, that underpins the Windows operating system“.
Popular PC manufacturers such as Lenovo, Dell, Surface, Dynabook, Panasonic, and HP would be launching their own range of Secured-core PCs. There are many organizations that deal with highly sensitive data such as government institutions, financial institutions. Such organizations are always prone to data breaches and security attacks. Microsoft has designed these PCs to meet the security requirements of such organizations.
Microsoft’s partner director of OS security, David Weston stated in a blog post:
“Secured-core PCs combine identity, operating system, hardware and firmware protection to add another layer of security underneath the operating system. Unlike software-only security solutions, Secured-core PCs are designed to prevent these kinds of attacks rather than simply detecting them.”
The Secured-core PCs come with the following built-in requirements to protect against firmware level attacks.
Secure Window Loading
The PC only uses the executables provided by approved authorities to boot your systems. The secure window loading mechanism uses Hypervisor Enforced Integrity for that purpose. Furthermore, the malware injection is prevented by setting and enforcing permissions through the hypervisor.
The Secured-core PCs prevent advanced firmware attacks by using System Guard Secure Launch that uses the CPU for device validation purposes.
Protecting Your Identity
Microsoft implemented the passwordless protection mechanism by incorporating Windows Hello in these devices. This addition helps in blocking unauthorized access and prevents identity thefts at the system level.
Although Microsoft has not yet announced the complete details of these devices, you can visit Microsoft’s official site to find more. A number of OEM manufacturers are already offering Secured-core PCs, Surface Pro X for Business is one of them.