What you need to know
- Microsoft explains how Secured-core PCs mitigate attacks like Thunderspy in a new post.
- Thunderspy utilizes the Thunderbolt port to affect direct access memory.
- Secure-cored PCs have Kernel direct access memory protection to protect from Thunderspy and similar attacks.
Microsoft explains how Secured-core PCs help prevent attacks like Thunderspy from being able to access PCs in a new post. Thunderspy was recently revealed by a team of researchers at Eindhoven University of Technology. The attack method utilizes the Thunderbolt port to gain access to a device's memory. It requires physical access to a device, but it can work even if a device is locked and has hard disk encryption.
Microsoft provides a breakdown of how Thunderspy works to give context to the attack and how Secured-core PCs combat it. In short, an attacker uses a serial peripheral interface flash programmer through a devices Thunderbolt connection. This step gives an attacker access to the PC's Thunderbolt controller firmware. The attacker can then copy and patch the Thunderbolt controller firmware and put the patched version back onto the device. The end result is that an attacker gains access to a device and its data without needing a password.
Secured-core PCs support Kernel direct access memory protection. This type of protection relies on the Input/output Memory Management Unit, allowing it to block external peripherals from gaining altering direct access memory unless a device is signed in and the screen is unlocked. A video from Microsoft Ignite 2019 explains this in more detail.
While these protections don't make a device impenetrable, they do greatly reduce the ease of attacks, according to Microsoft. Microsoft explains in the post:
This means that even if an attacker was able to copy a malicious Thunderbolt firmware to a device, the Kernel DMA protection on a Secured-core PC would prevent any accesses over the Thunderbolt port unless the attacker gains the user's password in addition to being in physical possession of the device, significantly raising the degree of difficulty for the attacker.
Secured-core PCs also have hypervisor protected code integrity, which ensures that kernel code cannot be writable and executable.
While these protections make it more difficult for an attacker to gain access to a device, nothing makes a device completely impervious to attacks. Microsoft wisely uses words like "mitigate" rather than "eliminate" when referring to lowering risk factors. On a related note leaked video recently showed that Microsoft's Surface devices don't have Thunderbolt ports due to security concerns.
We may earn a commission for purchases using our links. Learn more.
Update 6: Microsoft wants all of TikTok, but Trump's order may interfere
The Financial Times reports that as part of negotiations, Microsoft is now inquiring whether it can buy all of TikTok, instead of just the business in the US., Canada, Australia, and New Zealand. This new plan would include India and Europe (and excluding China).
Apple responds to Project xCloud iOS block, Microsoft kicks back
With Microsoft's Project xCloud streaming platform locked out from iOS devices, Apple doubles down on App Store restrictions.
Review: Kingston made a great PCIe SSD with self-encryption
Not all PCIe SSDs are created equally. Kingston has replaced the KC2000 with the KC2500, rocking better transfer speeds and other notable improvements. It's also capable of self-encrypting, making this one awesome drive for sensitive data.
10 must-have apps for any new PC
You just purchased a new PC and set it up, and now you're looking for some great apps. Look no further. These are the best apps for your new Windows 10 PC.