Is called "Hardware-enforced Stack Protection" the new security features Microsoft is working on to ensure greater security on PCs Windows. The goal of this new solution is to insure protection for software code in the CPU cache (according to Zdnet). The primary purpose is to protect the memory stack, that is where the code of a software is stored during execution. "Hardware-enforced Stack Protection" works by imposing one strict management of the memory stack through the use of a combination made by a CPU and the so-called "shadow stack".
The latter term (detailed explanation on Wikipedia) refers to copies of the expected execution flow of a software (i.e. the execution order of the code). What is intended to do "Hardware-enforced Stack Protection" is to use security features within the hardware for keep a copy of the software shadow stack in a safe environment.
According to Microsoft this solution will prevent malware from changing the normal flow of software code execution by exploiting common memory bugs such as "stack buffer overflow, dangling pointer or uninitialized variables". Changes that don't match the shadow stack are ignored, and this is ignored should block any exploit attempts.
Hari Pulapaka, manager of the Microsoft Windows Kernel Group, explained that "Hardware-enforced Stack Protection" is currently in development and for this reason the functionality has been integrated in the initial version in the latest Windows 10 Insider builds in the "Veloce" development channel (Fast). Developers can take advantage of these builds to test their software and find any problems. Interested parties can find technical details and resources at this address.
Currently "Hardware-enforced Stack Protection" only works on Intel processors that support "Control-flow Enforcement Technology" (CET). At the moment it is not clear which Intel processors support CET, a technology that the company talked about 4 years ago. Microsoft specifies that if software with support for the new functionality is found to run on a previous generation platform, it will function as always.
This novelty straddling hardware and software is only the latest that Microsoft proposes to improve security. Last year Microsoft announced Secured-core PCs, a brand behind which devices are hidden in which computer and processor manufacturers must comply with some strict rules to ensure that the system firmware cannot be changed without authorization.
"We are exploring security features with deep hardware integration to further increase the level of protection from attacks. We will make it difficult and expensive for attackers to make large-scale attacks," said Pulapaka, implying that in the future we will see many other news that they will bind the Windows kernel to the hardware.
