Research provides info on Windows 10’s protection system
In a research published today, Microsoft explains how Windows 10 managed to protect users against WannaCry (also referred to as WannaCrypt) , explaining that the built-in mitigation system can provide additional protection, unlike Windows 7 and Windows 8.1 which both lack such features.
The company explains that thanks to virtualization-based security Windows 10 users are protected even before the breach, with the secure kernel stopping malicious code from being loaded into the Windows Kernel through the kernel Control Flow Guard (kCFG) .
Furthermore, Windows 10 can stop shellcode injections with non-executable and randomized kernel memory regions (NS Paged Pool and KASLR) .
In case the breach does occur, Device Guard and Windows Defender work together to block and intercept the malware in the initial stages of the attack, allowing only authorized applications to run and analyzing suspicious files. Furthermore, there’s Windows Defender Advanced Threat Protection which protects networks, providing IT admins with reports and information on attack attempts for each computer in the network.
Microsoft also goes on to explain how critical it is to install the latest security updates on Windows systems, pointing out that most compromised systems were running unpatched version of Windows 7.
“While security updates are automatically applied in most computers, some users and enterprises may delay deployment of patches. For older Windows versions like Windows 7 and Windows Server 2008 that didn’ t take the fix in security bulletin MS17-010, but had cloud protection turned on (in Microsoft Security Essentials or Windows Defender AV) WannaCrypt was prevented from executing, ” Microsoft explains.
“However, these older versions do not have the level of exploit hardening and platform features (e.g., Device Guard, instant cloud protection etc.) available in Windows 10 to effectively protect against the threat.”
More recently, white-hat hackers managed to port WannaCry to Windows 10, though no specifics were provided, with the whole project created only for research purposes and not to put Windows users at risk.