Microsoft's Ambitious Plan to Secure Windows 10 From Physical Vulnerabilities

When it comes to security, the list of ways that attackers can steal information from your environment is growing at a rate faster than researchers can plug the holes. If you need any proof of this, take a look at how frequently Microsoft is patching Windows.

It’s not completely fair to single out Microsoft in this way: every piece of software used in the enterprise is either patched frequently or, worse, left open and exposed. It is the nature of the beast. We need more complex software to run operations efficiently, but that complexity and integration create more potential weaknesses for attackers to exploit.

But one of the evergreen challenges is that securing software and hardware against remote attacks has been the easier problem to manage; once an attacker has physical access to a device, keeping it secure is nearly impossible. That’s the task Microsoft is taking on with Pluton, and it is working with AMD, Intel, and Qualcomm to bring it to market.

Image credit: Microsoft

Up to today, on Windows, the TPM has been the hardware component in modern devices used to securely store the keys and data that verify the integrity of the system. But the downside of a discrete TPM is that it sits outside the CPU, and an attacker with physical access to the device can target the communication bus between the TPM and the CPU, intercepting the secrets that cross it.

To resolve this issue, Microsoft says that Pluton removes that communication channel by building the security hardware directly into the CPU. At first, the Pluton architecture will emulate a TPM so that it works with existing APIs, and Windows will use the security processor to “protect credentials, user identities, encryption keys, and personal data”.
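The practical question for an administrator is how exposed a given machine is today, before Pluton-equipped silicon ships: the attack on the CPU-to-TPM bus matters most when the TPM hands over a key at boot without any user input, which is exactly what a BitLocker volume protected by a TPM-only key protector does. The PowerShell below is an added example, not code from the article or from Microsoft; it assumes an elevated Windows PowerShell session on Windows 10 with the built-in TrustedPlatformModule and BitLocker modules, and the function name Get-TpmExposureReport is a placeholder of my own choosing. It inventories the TPM and flags volumes that a TPM+PIN (or TPM+startup key) protector would shield from a passive bus sniffer.

```powershell
# Added example (not from the article or from Microsoft). Assumes an elevated
# Windows PowerShell session on Windows 10; the function name is a placeholder.
#Requires -RunAsAdministrator
#Requires -Modules TrustedPlatformModule, BitLocker

function Get-TpmExposureReport {
    [CmdletBinding()]
    param()

    # Get-Tpm reports presence/readiness; Win32_Tpm adds the spec version and vendor.
    $tpm = Get-Tpm
    $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue

    if (-not $tpm.TpmPresent) {
        Write-Warning 'No TPM reported by the OS; BitLocker cannot seal keys to hardware here.'
    }

    # Protector types that still require something the bus sniffer does not have at boot.
    $userBoundTypes = @('TpmPin', 'TpmStartupKey', 'TpmPinStartupKey')

    $volumes = foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        # A plain 'Tpm' protector with no PIN/startup-key protector means the TPM unseals
        # the volume master key at boot unattended, so it travels over the CPU-TPM bus.
        $tpmOnly = ($types -contains 'Tpm') -and
                   -not ($types | Where-Object { $_ -in $userBoundTypes })

        [pscustomobject]@{
            MountPoint           = $vol.MountPoint
            ProtectionStatus     = $vol.ProtectionStatus
            EncryptionMethod     = $vol.EncryptionMethod
            KeyProtectors        = ($types -join ',')
            UnlocksUnattended    = $tpmOnly
            HasRecoveryPassword  = ($types -contains 'RecoveryPassword')
        }
    }

    [pscustomobject]@{
        TpmPresent       = $tpm.TpmPresent
        TpmReady         = $tpm.TpmReady
        SpecVersion      = $wmi.SpecVersion          # e.g. "2.0, 0, 1.59"
        Manufacturer     = $wmi.ManufacturerIdTxt
        FirmwareVersion  = $wmi.ManufacturerVersion
        Volumes          = $volumes
        ExposedVolumes   = @($volumes | Where-Object { $_.UnlocksUnattended -and $_.ProtectionStatus -eq 'On' })
    }
}

# Usage: run the report, then list the volumes whose key leaves the TPM without a PIN.
$report = Get-TpmExposureReport
$report | Select-Object TpmPresent, TpmReady, SpecVersion, Manufacturer, FirmwareVersion | Format-List
$report.Volumes | Format-Table -AutoSize

foreach ($v in $report.ExposedVolumes) {
    Write-Warning ("{0} is TPM-only; add a PIN with: Add-BitLockerKeyProtector -MountPoint '{0}' -TpmAndPinProtector" -f $v.MountPoint)
}
```

The report does not tell you whether the TPM is discrete or integrated into firmware or silicon; it tells you which volumes rely entirely on the TPM releasing a key at boot. Those are the volumes whose protection a Pluton-style integrated processor is designed to strengthen, and until then the mitigation is a pre-boot PIN or startup key, which keeps the volume master key from being released to a device the attacker controls.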

This is where Microsoft gets confident: the company says “none of this information can be removed from Pluton even if an attacker has installed malware or has complete physical possession of the PC”. That’s a big claim and, if it holds up, it will be a significant enhancement for security on Windows devices.

Microsoft first started deploying this type of solution with the Xbox One in 2013 and, more recently, with Azure Sphere. But the big question is when it will arrive in new devices, and that timeline is a bit unclear. The company says that AMD, Intel, and Qualcomm will introduce the technology starting with ‘future’ chips, which means late next year is likely the first chance, but for wide-scale adoption, think years, not months.

Brad Sams has more than a decade of writing and publishing experience under his belt, including helping to establish new and seasoned publications. From breaking news about upcoming Microsoft products to telling the story of how a billion-dollar brand was birthed in his book, Beneath a Surface, Brad is a well-rounded journalist who has established himself as a trusted name in the industry.