14 DAY TRIAL // Microsoft has recently announced a new project that it developed together with partners in the PC industry.
Called Secured-core PCs, these new devices are specifically created to block firmware attacks rather than to just detect them, essentially rendering this threat obsolete, at least at first glance.
National Vulnerabilities Database figures show that the number of firmware vulnerabilities increased substantially in the latest three years, jumping from just 7 detected attacks in 2016 to no less than 476 in 2018.
Microsoft says its Secured-core PCs are built in partnership with PC manufacturers and chip makers, and combine a huge arsenal of security features, including identity, virtualization, operating system, hardware and firmware protection.
“These requirements enable customers to boot securely, protect the device from firmware vulnerabilities, shield the operating system from attacks, prevent unauthorized access to devices and data, and ensure that identity and domain credentials are protected,” David Weston, Partner Director, OS Security, explains.
Secured-core PCs partners
Microsoft’s Trusted Platform Module 2.0 (TPM) is a device requirement for Secured-core PCs, alongside System Guard Secure launch.
“System Guard uses the Dynamic Root of Trust for Measurement (DRTM) capabilities that are built into the latest silicon from AMD, Intel, and Qualcomm to enable the system to leverage firmware to start the hardware and then shortly after re-initialize the system into a trusted state by using the OS boot loader and processor capabilities to send the system down a well-known and verifiable code path,” Weston further adds.
Secured-core PCs won’t necessarily be offered to consumers, as they are specifically targeted at industries working with highly sensitive data, including government devices, financial services, and healthcare.
Microsoft’s partners for creating Secured-core PCs include Dell, HP, Lenovo, Panasonic, and Dynamic. Microsoft’s Surface Pro X for Business is also labeled as a Secured-core PC. Qualcomm, Intel, and AMD also contributed to the project, which means that buying such a device does not require becoming committed to a specific chip.