Microsoft has extended the Secured-core concept it applied to PCs in 2019 to servers, and to Windows Server and Azure Stack HCI.
Secured-core sees Microsoft work with hardware manufacturers to ensure that their products include TPM 2.0 modules, ship with Secure Boot enabled by default in BIOS, and use the Dynamic Root of Trust for Measurement tech that allows use of Intel’s Trusted Execution Technology (TXT) and AMD’s Secure Virtual Machine (SVM).
Once those elements are in place, Microsoft is confident hardware is harder to compromise with firmware-based attacks, and is less susceptible to running unverified code.
Redmond’s announcement of Secured-core servers explains that its approach buttresses defences against threats such as ransomware because it employs Hypervisor-Protected Code Integrity (HVCI) – a tech that only allows signed executables from known good sources to run.
The Mimikatz password-dumping tool – a favorite of attackers seeking to plant ransomware – fiddles with the Windows kernel as it works. Microsoft reckons a Secured-core server running HVCI will spot it at work and make ransomware scum’s life harder. This is no bad thing.
Secured-core PCs are not hard to find. Just about every leading vendor offers such a configuration.
At the time of writing, Microsoft lists 42 servers that meet the spec when running Windows Server, plus four systems to run Azure Stack HCI.
Microsoft’s post also indicates that Azure-certified IoT devices can use the Secured-core spec. ®