The National Vulnerability Database has shown a significant increase in the number of targeted firmware attacks since 2016. To protect the integrity of the PC boot process and data stored in memory, Microsoft and its OEM partners have created a new set of device requirements that have been built into specially designed PCs and apply security best practices of isolation and minimal trust to the firmware layer, or the device core, that underpins the Windows operating system. These new devices are called Secured-core PCs.
“These devices are designed specifically for industries like financial services, government and healthcare, and for workers that handle highly-sensitive intellectual property, customer or personal data, including PII as these are higher value targets for nation-state attackers,” says David Weston, Microsoft partner director of OS security, in a Microsoft Security blog post. “Secured-core PCs combine identity, operating system, hardware and firmware protection to add another layer of security underneath the operating system. Unlike software-only security solutions, Secured-core PCs are designed to prevent these kinds of attacks rather than simply detecting them.”
Visit the Microsoft Security blog post to learn more about firmware security and what’s behind the design of Secured-Core PCs. You can also find out how to get devices verified as Secured-core PC, including those from Dell, Dynabook, HP, Lenovo and Panasonic.