{"id":44643,"date":"2021-12-08T05:15:10","date_gmt":"2021-12-08T05:15:10","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/microsoft-extends-secured-core-concept-to-servers\/"},"modified":"2021-12-08T05:15:10","modified_gmt":"2021-12-08T05:15:10","slug":"microsoft-extends-secured-core-concept-to-servers","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/microsoft-extends-secured-core-concept-to-servers\/","title":{"rendered":"Microsoft extends Secured-core concept to servers"},"content":{"rendered":"

Microsoft has extended the Secured-core concept it applied to PCs in 2019<\/a> to servers, and to Windows Server and Azure Stack HCI.<\/p>\n

Secured-core sees Microsoft work with hardware manufacturers to ensure that their products include TPM 2.0 modules, ship with Secure Boot enabled by default in BIOS, and use the Dynamic Root of Trust for Measurement tech that allows use of Intel’s Trusted Execution Technology (TXT) and AMD’s Secure Virtual Machine (SVM).<\/p>\n

Once those elements are in place, Microsoft is confident hardware is harder to compromise with firmware-based attacks, and is less susceptible to running unverified code.<\/p>\n

Redmond’s announcement<\/a> of Secured-core servers explains that its approach buttresses defences against threats such as ransomware because it employs Hypervisor-Protected Code Integrity (HVCI) \u2013 a tech that only allows signed executables from known good sources to run.<\/p>\n

The Mimikatz password-dumping tool \u2013 a favorite of attackers seeking to plant ransomware \u2013 fiddles with the Windows kernel as it works. Microsoft reckons a Secured-core server running HVCI will spot it at work and make ransomware scum’s life harder. This is no bad thing.<\/p>\n