MWC 2022: The next Microsoft Pluton Device + PAC technology

Throughout 2021 and into 2022, the attack landscape has seen continued innovation as cybercriminals refine tactics and tools to evade defenses. 2021 was the highest year on record for zero-day exploits, and it also saw increased firmware attacks and new tampering attacks targeting security agents. Microsoft and our silicon partners have been vigilant in working to address these trends, and we’re proud to share that Qualcomm and Microsoft have partnered on innovations designed to help keep the security capabilities in Windows 11 ahead of attackers.

We’re excited today to announce that the Lenovo ThinkPad X13s, built with the Qualcomm Snapdragon 8cx Gen 3, is the first ARM platform for Windows that is built on the Microsoft Pluton security architecture.  Pluton is at the center of the security capabilities for Windows 11 providing protection in the boot, identity, credential protection and encryption processes. Pluton also supports chip-to-cloud zero trust using the Azure Attestation Service with Intune. Beyond integrating Pluton, the Lenovo ThinkPad X13s is also a certified secured-core PC, which provides the best possible security capabilities for Windows 11 right out of the box. 

Pluton provides security from the chip to the cloud

Microsoft Pluton is a security processor architecture, pioneered in Xbox and Azure Sphere, that is designed to store sensitive data, like encryption keys, securely with hardware that is integrated into the die of a device’s CPU. This makes access more difficult for attackers, even if they have physical possession of a device. 

Windows 11 PCs built on Qualcomm’s latest Snapdragon 8cx Gen 3 Compute Platform, with the Qualcomm® Secure Processing Unit (SPU), will leverage advanced hardware capabilities from Microsoft Pluton and Pointer Authentication Codes (PAC). Built-in security countermeasures from PAC protect against common exploit patterns, helping customers strengthen their device security posture. On Windows 11 PCs like the Lenovo ThinkPad X13s built with the Qualcomm Snapdragon 8cx Gen 3 Compute Platform, Pluton will provide customers with:

  • Security updates delivered from the cloud to Pluton  

Alongside support for standard industry controls, Microsoft will help keep the Pluton security processor’s firmware up to date through the Windows Update process. 

  • Physical attack resistance 

With Pluton being on the die of the device’s System on a Chip (SoC), attack vectors like bus interfaces that pass data between the SoC and other components on a motherboard are not exposed to physical attacks. 

  • Trusted, proven security built alongside our partners 

Built on approaches and technologies used in Xbox and Azure Sphere, Pluton is the result of years of collaboration between Microsoft, Qualcomm Technologies and our other ecosystem partners. Alongside other lessons learned from Xbox that have been incorporated into secured-core PCs, which help reduce malware instances by 60%, and into the Windows 11 hardware baselines, Pluton helps to protect sensitive data and add visibility to the boot process in tamper-resistant ways.

ARM pointer authentication in the QC 8CX G3 helps customers stay ahead of zero-day exploits 

With zero-day exploits targeting memory safety issues reaching record numbers in 2021, Microsoft has continued investing in mitigations against sources of vulnerabilities, including partnering with silicon providers to launch new capabilities like hardware shadow stacks, which help disrupt common zero-day exploit techniques. The hardware stack protection (HSP) feature in Windows 11 leverages hardware support to efficiently store return addresses in a shadow stack alongside the software call stack in all programs. This helps to address a common attack in zero-day exploits where the software stack is modified or hijacked to execute malicious code. With the HSP feature, the return addresses on the software stack must match the return addresses stored in hardware. If there is a mismatch, the process is safely terminated by the operating system, preventing a successful attack.

With Windows 11 on the Snapdragon 8cx Gen 3, the ARM pointer authentication hardware capability provides similar robust mitigation against exploits that leverage return-oriented programming (ROP) or stack modification techniques on ARM-based Windows systems.  

Windows binaries are compiled with Pointer Authentication Code instructions, which inject a hash (the PAC) into return addresses at the function prologue and check that hash immediately before the function returns to verify that the return address has not been tampered with. Windows 11 utilizes the Snapdragon 8cx Gen 3 hardware schemes to generate and verify the PAC to provide resilience against attacks that overwrite the intended return address. This helps to break a common technique attackers use to try to execute malicious code.
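The sign-at-prologue, verify-before-return flow described above, as an added toy model in C (not Microsoft or Qualcomm code). The 48-bit address layout, the 16-bit PAC width, the stand-in mixing function, the use of the stack pointer as the second input and all names are assumptions for illustration; real hardware computes the PAC with its own cipher and keys.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model (assumed layout): 48-bit virtual address, 16-bit PAC on top. */
#define VA_BITS 48
#define VA_MASK ((1ULL << VA_BITS) - 1)

/* Stand-in keyed mixer (splitmix64 finalizer). Real cores use a hardware
 * cipher and keys that user-mode code cannot read. */
static uint64_t mix(uint64_t x) {
    x += 0x9e3779b97f4a7c15ULL;
    x = (x ^ (x >> 30)) * 0xbf58476d1ce4e5b9ULL;
    x = (x ^ (x >> 27)) * 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

/* PAC = truncated keyed hash of (return address, stack pointer). */
static uint16_t pac_compute(uint64_t addr, uint64_t sp, uint64_t key) {
    return (uint16_t)(mix(mix(addr ^ key) ^ sp) >> 48);
}

/* Prologue: fold the PAC into the unused upper bits before the spill. */
uint64_t pac_sign(uint64_t ret, uint64_t sp, uint64_t key) {
    ret &= VA_MASK;
    return ret | ((uint64_t)pac_compute(ret, sp, key) << VA_BITS);
}

/* Epilogue: recompute and compare. Returns 1 and the stripped address on a
 * match, 0 on mismatch (where real hardware would not allow the return). */
int pac_auth(uint64_t signed_ret, uint64_t sp, uint64_t key, uint64_t *out) {
    uint64_t addr = signed_ret & VA_MASK;
    if ((uint16_t)(signed_ret >> VA_BITS) != pac_compute(addr, sp, key))
        return 0;
    *out = addr;
    return 1;
}

/* Constructed case: a stack overwrite swaps in a new target, old PAC kept. */
int tampered_return_is_rejected(void) {
    const uint64_t key = 0x0123456789abcdefULL, sp = 0x00007ffd1000ULL;
    uint64_t saved = pac_sign(0x00007ff6a0001234ULL, sp, key), out = 0;
    saved = (saved & ~VA_MASK) | 0x00007ff6a00fbeefULL;
    return pac_auth(saved, sp, key, &out) == 0;
}

int main(void) {
    printf("tamper rejected: %d\n", tampered_return_is_rejected());
    return 0;
}
```

Because the PAC is a truncated hash, detection is probabilistic: in this model a forged value has a 1 in 65,536 chance of matching by accident.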

Windows 11 and the Snapdragon 8cx Gen 3 provide advanced capabilities like Microsoft Pluton, Secured-core firmware protection and ARM Pointer Authentication, which together provide the best level of protection for Windows PCs. With devices like the Lenovo ThinkPad X13s with Windows 11, customers are empowered to work and play from anywhere with greater peace of mind knowing that protection is built-in from the chip to the cloud to keep attackers at bay. 

Learn more about Microsoft Pluton and secured-core PCs 
