“Attackers use data corruption techniques to target system security policy, escalate privileges, tamper with security attestation, modify ‘initialise once’ data structures, among others.
“Kernel Data Protection is a new technology that prevents data corruption attacks by protecting parts of the Windows kernel and drivers through virtualisation-based security.
“KDP is a set of APIs that provide the ability to mark some kernel memory as read-only, preventing attackers from ever modifying protected memory.
“For example, we’ve seen attackers use signed but vulnerable drivers to attack policy data structures and install a malicious, unsigned driver.
“KDP mitigates such attacks by ensuring that policy data structures cannot be tampered with.
“The concept of protecting kernel memory as read-only has valuable applications for the Windows kernel, inbox components, security products, and even third-party drivers like anti-cheat and digital rights management software.”