
Microsoft's Ambitious Plan to Secure Windows 10 From Physical Vulnerabilities

When it comes to security, the list of ways that attackers can steal information from your environment is growing at a rate faster than researchers can plug the holes. If you need any proof of this, take a look at how frequently Microsoft is patching Windows.

It’s not completely fair to call out Microsoft in this way; every piece of software used in the enterprise is frequently patched or, worse, left open and exposed. It is the nature of the beast: we need more complex software to run operations efficiently, but that complexity and integration create more potential weaknesses for attackers to exploit.

But one of the evergreen challenges is that securing software and hardware from remote attacks has been easier to manage, whereas keeping a device secure when an attacker has physical access to it is nearly impossible. That’s the task that Microsoft is taking on with Pluton, and they are working with AMD, Intel, and Qualcomm to bring it to market.

Image credit: Microsoft

Until now, for Windows, the TPM has been the hardware component used in modern devices to securely store the keys and data that verify the integrity of the system. But the downside of TPM setups is that when an attacker has physical access to a device, they can target the communication bus between the TPM and the CPU.
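The practical question for a defender reading this is what currently protects the keys on a given Windows 10 machine: is there a TPM at all, is it ready, and does BitLocker rely on the TPM alone (in which case the volume key is released at boot with no user secret) or on a TPM plus PIN? The following PowerShell inventory is an added example, not code from the article or from Microsoft; it assumes an elevated session on Windows 10 with the built-in TrustedPlatformModule and BitLocker modules, and the `Get-KeyProtectionReport` function name is my own.

```powershell
# Added example (not from the article): inventory TPM, Secure Boot and
# BitLocker key-protector state on a Windows 10 machine.
# Assumes an elevated PowerShell session; Get-Tpm, Confirm-SecureBootUEFI
# and Get-BitLockerVolume ship with Windows 10.

function Get-KeyProtectionReport {
    # TPM presence and readiness as reported by the OS (works whether the
    # TPM is discrete, firmware-based, or emulated by a security processor).
    $tpm = Get-Tpm
    $report = [ordered]@{
        TpmPresent        = $tpm.TpmPresent
        TpmReady          = $tpm.TpmReady
        TpmManufacturer   = $tpm.ManufacturerIdTxt
        SecureBootEnabled = $false
        Volumes           = @()
    }

    # Confirm-SecureBootUEFI throws on legacy BIOS systems; treat that as "not enabled".
    try { $report.SecureBootEnabled = [bool](Confirm-SecureBootUEFI) } catch { }

    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $hasTpmOnly = ($types -contains 'Tpm')
        $hasTpmPin  = [bool]($types | Where-Object { $_ -like 'TpmPin*' })

        $report.Volumes += [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            ProtectionStatus = $vol.ProtectionStatus.ToString()
            KeyProtectors    = ($types -join ', ')
            # A bare 'Tpm' protector unseals the volume key automatically at boot;
            # TpmPin / TpmPinStartupKey additionally require something the user knows or holds.
            TpmOnly          = ($hasTpmOnly -and -not $hasTpmPin)
        }
    }

    [pscustomobject]$report
}

# Usage: print the platform summary, then one row per BitLocker volume.
$r = Get-KeyProtectionReport
$r | Select-Object TpmPresent, TpmReady, TpmManufacturer, SecureBootEnabled | Format-List
$r.Volumes | Format-Table -AutoSize
```

Volumes flagged `TpmOnly = True` are the ones whose protection depends entirely on the TPM and its link to the CPU, which is the exposure the article describes and the configuration a practitioner would review first; the report is read-only and changes nothing on the machine.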


To resolve this issue, Microsoft says that Pluton will remove the communication channel and build the security hardware directly into the CPU. At first, Pluton architecture will emulate a TPM to work with existing APIs and Windows will use the security processor to “protect credentials, user identities, encryption keys, and personal data”.

This is where Microsoft gets confident as the company says “none of this information can be removed from Pluton even if an attacker has installed malware or has complete physical possession of the PC” – that’s a big claim and if it holds up, will be a significant enhancement for security on Windows devices.

Microsoft first started deploying this type of solution with the Xbox One in 2013 and more recently with Azure Sphere. But the big question is when it will arrive in new devices, and that timeline is a bit unclear. The company says that AMD, Intel, and Qualcomm will introduce this technology starting with ‘future’ chips, which means late next year is likely the first chance; but for wide-scale adoption, think years, not months.

Brad Sams has more than a decade of writing and publishing experience under his belt, including helping to establish new and seasoned publications. From breaking news about upcoming Microsoft products to telling the story of how a billion-dollar brand was birthed in his book, Beneath a Surface, Brad is a well-rounded journalist who has established himself as a trusted name in the industry.