Since the whole concept hinges on the ability to keep going even if the root partition has been compromised, Wojtczuk examined VBS from the perspective of an attacker who has already broken into the root partition -- for example, one who bypasses Secure Boot to load a Trojanized hypervisor.
“The security posture of VBS looks good, and it improves the security of a system -- certainly it requires additional highly nontrivial effort to find suitable vulnerability allowing the bypass,” Wojtczuk wrote in the accompanying white paper.
Existing documentation suggests Secure Boot is required, and that Intel VT-d and a Trusted Platform Module (TPM) are optional, for enabling VBS, but that isn't the case. Administrators need both VT-d and a TPM to protect the hypervisor against a compromised root partition. Nor is simply enabling Credential Guard enough: additional configuration is needed to ensure that credentials don't show up in the clear in the root partition.
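To check these prerequisites on a Windows 10 host, here is an added PowerShell example (not from the article or from Wojtczuk's paper) that reads the Win32_DeviceGuard WMI class and Get-Tpm and reports whether Secure Boot, DMA protection (VT-d), a ready TPM and Credential Guard are in place. The property names and code values follow Microsoft's documentation for that class; the warnings reflect the article's point, not a Microsoft-defined threshold.

```powershell
# Added example: report whether the platform features the article says VBS needs
# are configured and running. Not code from the article or the paper.
function Get-VbsPostureReport {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

    # Platform security property codes used in RequiredSecurityProperties and
    # AvailableSecurityProperties: 1 = base virtualization support, 2 = Secure Boot,
    # 3 = DMA protection (an IOMMU such as VT-d), 4 = Secure Memory Overwrite,
    # 5 = UEFI code read-only, 6 = SMM security mitigations, 7 = MBEC.
    $secureBoot    = 2
    $dmaProtection = 3

    # Security service codes used in SecurityServicesConfigured/Running: 1 = Credential Guard, 2 = HVCI.
    $credentialGuard = 1

    # Get-Tpm is absent on hosts without the TrustedPlatformModule module; treat that as "no TPM".
    $tpm = try { Get-Tpm } catch { $null }

    [pscustomobject]@{
        # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
        VbsRunning                = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        SecureBootAvailable       = ($dg.AvailableSecurityProperties -contains $secureBoot)
        SecureBootRequired        = ($dg.RequiredSecurityProperties -contains $secureBoot)
        DmaProtectionAvailable    = ($dg.AvailableSecurityProperties -contains $dmaProtection)
        DmaProtectionRequired     = ($dg.RequiredSecurityProperties -contains $dmaProtection)
        TpmPresentAndReady        = ($null -ne $tpm -and $tpm.TpmPresent -and $tpm.TpmReady)
        CredentialGuardConfigured = ($dg.SecurityServicesConfigured -contains $credentialGuard)
        CredentialGuardRunning    = ($dg.SecurityServicesRunning -contains $credentialGuard)
    }
}

$report = Get-VbsPostureReport
$report | Format-List

# Secure Boot alone is not the whole picture: flag the gaps the article says must be
# closed before VBS can be trusted against a compromised root partition.
if (-not $report.VbsRunning) {
    Write-Warning 'VBS is enabled in policy but not running, or is off entirely.'
}
if (-not $report.DmaProtectionRequired) {
    Write-Warning 'VBS is not requiring DMA protection (VT-d/IOMMU); the hypervisor is not shielded from a compromised root partition.'
}
if (-not $report.TpmPresentAndReady) {
    Write-Warning 'No ready TPM found; VBS is running without the TPM the paper says it needs.'
}
if ($report.CredentialGuardConfigured -and -not $report.CredentialGuardRunning) {
    Write-Warning 'Credential Guard is configured but not running; check the platform prerequisites above.'
}
```

Run it from an elevated PowerShell session; a host where every field reports True and no warnings appear has the prerequisites the article describes, which is the starting point, not a proof, of a sound VBS deployment.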
Microsoft has put in a lot of effort to make VBS as secure as possible, but the unusual attack surface is still cause for concern, Wojtczuk said.
The security bar is higher
The breakers, which include criminals, researchers, and hackers interested in seeing what they can do, are engaged in an elaborate dance with Microsoft. As soon as the breakers figure out a way to bypass Windows defenses, Microsoft closes the security hole. By implementing innovative security technology to make attacks harder, Microsoft forces breakers to dig deeper to get around them. Windows 10 is the most secure Windows ever, thanks to those new features.
The criminal element is busy at work, and the malware scourge doesn’t show signs of slowing down soon, but it’s worth noting that most attacks nowadays are the result of unpatched software, social engineering, or misconfigurations. No software applications can be perfectly bug-free, but when the built-in defenses make it harder to exploit existing weaknesses, that is a victory for the defenders. Microsoft has done a lot over the past few years to block attacks on the operating system, and Windows 10 is the direct beneficiary of those changes.
Considering that Microsoft beefed up its isolation technologies in Windows 10 Anniversary Update, the road to successful exploitation for a modern Windows system looks even tougher.