virtualization-based security – Computer Security Articles

Virtualization-based security (VBS) memory enclaves: Data protection through isolation

June 5, 2018 admin attestation report, cybersecurity, data protection, Hypervisor Code Integrity (HVCI), Microsoft Azure, runtime attestation, secure memory enclaves, SQL Server, VBS enclaves, virtualization-based security

Credit to Author: Windows Defender ATP| Date: Tue, 05 Jun 2018 16:00:15 +0000

The escalating sophistication of cyberattacks is marked by the increased use of kernel-level exploits that attempt to run malware with the highest privileges and evade security solutions and software sandboxes. Kernel exploits famously gave the WannaCry and Petya ransomware remote code execution capability, resulting in widescale global outbreaks. Windows 10 remained resilient to these attacks,

Microsoft Security

Introducing Windows Defender System Guard runtime attestation

April 19, 2018 admin cybersecurity, runtime attestation, VBS enclaves, virtualization-based security, Windows 10, Windows Defender System Guard

Credit to Author: Windows Defender ATP| Date: Thu, 19 Apr 2018 16:00:57 +0000

At Microsoft, we want users to be in control of their devices, including knowing the security health of these devices. If important security features should fail, users should be aware. Windows Defender System Guard runtime attestation, a new Windows platform security technology, fills this need. In Windows 10 Fall Creators Update, we reorganized all system

Microsoft Security

Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005

March 27, 2017 admin Advanced persistent threats, Antimalware research for IT pros and enthusiasts, Coreinfo, Creators Update, CVE-2017-005, Device Guard, EoP, PALETTE, Product features and announcements, SMEP, virtualization-based security, Windows 10, Windows 10 Creators Update, Windows Defender Advanced Threat Protection, Windows Defender ATP, zero-day exploits, ZIRCONIUM

Credit to Author: msft-mmpc| Date: Mon, 27 Mar 2017 15:00:01 +0000

On March 14, 2017, Microsoft released security bulletin MS17-013 to address CVE-2017-0005, a vulnerability in the Windows Win32k component that could potentially allow elevation of privileges. A report from a trusted partner identified a zero-day exploit for this vulnerability. The exploit targeted older versions of Windows and allowed attackers to elevate process privileges on these platforms. In this article, we…