Microsoft releases early preview of 'hardware-enforced stack protection' feature for Windows 10 Insider previews builds
Hardware-enforced stack protection uses a combination of modern CPU hardware and 'shadow stacks' to protect app code from cyber attacks
Microsoft has announced a new 'hardware-enforced stack protection' feature for its Window operating system that, it claims, will help to improve protection against cyber attacks.
According to Microsoft, this new feature enables apps to utilise the local CPU hardware to protect their code from attacks, while that code is executed inside the CPU's memory.
The security feature is currently under development, and only an early preview of it is available for Windows 10 Insider previews builds (fast ring).
"We aim to make Windows 10 one of the most secure operating systems for our customers and to do that we are investing in a multitude of security features," said Hari Pulapaka, manager for the Microsoft Windows Kernel Group.
According to Pulapaka, the main task of the new feature will be to enforce strict management of the memory stack. In computing architectures, stacks refer to memory areas where data is added or removed in a last-in-first-out manner.
The 'Hardware-enforced stack protection' feature intends to use a combination of modern CPU hardware and shadow stacks (intended execution flow of the programme code) in order to achieve memory stack management.
Microsoft says this will prevent a malicious programme from exploiting common memory flaws, such as uninitialised variable, stack buffer overflows, or dangling pointers, in order to execute arbitrary native code on target machines.
The system will simply ignore the changes that don't match the shadow stacks, thereby thwarting any exploit attempt.
"This technology provides parity with programme call stacks, by keeping a record of all the return addresses via a Shadow Stack," Pulapaka explained.
"On every CALL instruction, return addresses are pushed onto both the call stack and shadow stack, and on RET instructions, a comparison is made to ensure integrity is not compromised. If the addresses do not match, the processor issues a control protection (#CP) exception. This traps into the kernel and we terminate the process to guarantee security."
The new security feature will work only on chipsets that have enabled Intel's Control-flow Enforcement Technology (CET) instructions.
Developers with Intel CET-capable hardware can enable the linker flag on their application to test the feature with the latest Windows 10 insider builds.
More on Security Technology
When hunting for a new IT solution, understand the problem first
Ian Hill of BAM Group warns against being distracted by bells and whistles
Let's Encrypt to revoke three million digital certificates TODAY due to bug in its certificate authority code
Bug was discovered on 29th February. The certificates will be revoked today
Check Point unveils encyclopaedia to explain techniques used by malware to detect virtual environment
A virtual environment differs from common host systems in terms of registry keys, non-common files, and system objects
Intel promises full memory encryption as it presents its data-centric security strategy
Intel promises bigger investment in security following the Meltdown and Spectre security bugs
Microsoft adds supports for tamper protection in Defender ATP
The feature prevents threat actors from modifying security settings on Windows 10 device
Most read
