Ransomware threats now avoidable with Microsoft’s Secured-core servers

Ransomware Cyber Threats Microsoft Secured Core Servers Digital Risk Protection Windows Server

Microsoft recently announced that the first Secured-core certified Windows Servers and Microsoft Azure Stack HCI devices are now safe against cyberattacks, including ransomware threats.

The tech giant’s Secured-core devices are offered to protect users against the surge of firmware vulnerabilities exploited by threat actors in bypassing Windows devices’ Secure Boot and the deficiency in firmware visibility within the latest endpoint security tools.

Since October 2019, all Secured-core devices have been built to combat cyberattack threats, including those that abuse firmware and driver security vulnerabilities. The tool can also defend users against malware that exploits driver security vulnerabilities to immobilise security tools.

The Secured-core Certified Windows Server utilises Secure boot and Trusted Platform Module 2.0 to guarantee user safety against cyberattacks every time their devices boot up. The updated server also leverages Dynamic Root of Trust Management (DRTM) to startup the device’s operating system (OS) into a trusted state. Any malware that would attempt to tamper with a user’s system will be blocked through this.

Aside from all the beneficial updates mentioned for the updated Secured-core servers, it will also use the Hypervisor-Protected Code Integrity (HVCI) to prevent all executables, drivers, and open-source tools, such as Mimikatz, that authorized users do not approve upon system boot-up.

Microsoft also added that since Virtualisation-based security (VBS) is developed unconventionally, IT admins can straightforwardly enable features to ensure user credentials’ safety in a confidential environment that threat actors will never find.

 

Ransomware threats will now be lessened, thanks to the blocking features of the Secured-core servers that can prevent credential theft attempts.

 

As the Secured-core servers block data breach attempts, ransomware threat actors cannot move laterally inside a network. Their attack will be disrupted right before they can gain momentum and deploy malware.

All Microsoft models with the Secured-core feature can now be found in the Windows Server Catalog lists and the Azure Stack HCI Catalog. Users can manage the configuration and status of the server, along with all Windows clients on a network via a locally deployed browser-based Windows Admin Center application.

The tech giant explained that the Windows Admin Center user interface (UI) enables users to easily configure the Secured-core server’s six features, including Trusted Platform Module 2.0, Virtualisation-based security, Secure Boot, System Guard, Boot Direct Memory Access (DMA) Protection, and Hypervisor Enforced Code Integrity.

About the author

Leave a Reply