Microsoft: Ransomware Attacks Can be Prevented by Using Secure-Core Servers

Microsoft: Ransomware Attacks Can be Prevented by Using Secure-Core Servers

Microsoft has announced the availability of the first Secured-core certified Windows Server and Microsoft Azure Stack HCI devices to safeguard customers’ networks from security threats such as ransomware. Secured-core devices are advertised as a solution to the growing number of firmware vulnerabilities that attackers may use to circumvent Secure Boot on Windows workstations and the lack of visibility at the firmware stage in today’s endpoint security solutions.

Since October 2019, all Secured-core devices have had built-in protection against attacks that exploit firmware and driver security issues. They can help guard against malware that tries to disable security solutions by exploiting driver security holes. Secure boot and the Trusted Platform Module 2.0 are used by the newly certified Secured-core servers to ensure that only trusted applications may load on boot. 

They also use Dynamic Root of Trust Measurement (DRTM) to put the operating system in a trustworthy state, preventing malware from tampering with it. Hypervisor-Protected Code Integrity (HVCI) is also used by Secured-core servers to prevent all executables and drivers (such as Mimikatz) from starting unless known and permitted authorities to sign them.

Furthermore, because Virtualization-based security (VBS) is enabled out of the box, IT managers can quickly enable features like Credential Guard, which protects credentials in a secure environment invisible to attackers, according to Microsoft. 

Secured-core servers can assist make it considerably more challenging for threat actors (particularly ransomware gangs like REvil) to move laterally over the network by rejecting credential theft attempts, thereby stopping their assaults before they can achieve persistence and release their payloads.

The Azure Stack HCI catalog and the Windows Server Catalog listings now provide dozens of models with Secured-core server capability. The locally installed and browser-based Windows Admin Center tool allows you to control the servers’ configuration and status together with all Windows clients on the network.

Microsoft highlighted that the Hypervisor Enforced Code Integrity, Boot Direct Memory Access (DMA) Protection, System Guard, Secure Boot, Virtualization-based security, and Trusted Platform Module 2.0 capabilities of the Secured-core server may be simply configured using the Windows Admin Center UI.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.