CATEGORIES
home News

Microsoft Secured-Core PC Initiative Crushes Crippling Firmware Security Attacks

by Brandon HillMonday, October 21, 2019, 11:00 AM EDT
microsoft satya nadella
There's no question that we’re are living in relatively dangerous times with regards to cybersecurity concerns. There isn't a week that goes by that we don't hear of app malware, some large corporation's customers database being raided, or devices themselves being the subject of low-level attacks. The good news, however, is that Microsoft and a number of its hardware partners are working on solutions to help shore up the defenses of our PCs against malicious actors.

Microsoft notes that the National Vulnerability Database has monitored a five-fold increase in firmware-based attacks on devices from 2016 to 2018. The company specifically calls out Russian-based APT28 group (aka FancyBear, Strontium) for using firmware attacks that can reside on a device even if a user reinstalls Windows or installs a new hard drive. This is possible because the firmware has direct access to the hardware on your system and has priority access over the operating system.

In effort to crush attackers like APT28, Microsoft is introducing what it calls the Secure-core PC initiative that its OEM partners will be able to adopt. At its core, the initiative takes a multi-pronged approach to security by offering protection for not only device hardware and software, but also critical firmware. 

microsoft firmware

At the firmware level, Microsoft is counting on System Guard Security Launch, which is a required for a device to be certified as a Secured-core PC. Microsoft says that hardware included on the latest chips from Intel, AMD, and Qualcomm make use of Dynamic Root of Trust for Measurement (DRTM) security.

"[DRTM] enable(s) the system to leverage firmware to start the hardware and then shortly after re-initialize the system into a trusted state by using the OS boot loader and processor capabilities to send the system down a well-known and verifiable code path," writes Microsoft. "This mechanism helps limit the trust assigned to firmware thereby providing a powerful mitigation against cutting-edge, targeted threats against firmware."

DRTM can be further used to protect virtualization-based security (VBS) from malware attacks. System Guard Security Launch works in conjunction with System Management Mode (SMM), which can monitor a PC for firmware changes after it has already booted into the Windows environment, offering another level of protection for customers.

According to Microsoft, Secured-core PCs will be launching in the coming weeks from a number of OEM partners including familiar names like Dell, Hewlett-Packard, and Lenovo. And as you might expect, Microsoft's own first-party Surface devices are also among the PCs supported.

Tags:  Firmware, Microsoft, (nasdaq:msft), strontium, secure-core pc, apt28, fancybear
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment