Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Microsoft Publishes Standards for “Highly Secure” Windows 10 Devices

Microsoft this week published information on the standards a Windows 10 device is required to meet to be considered highly secure.

Microsoft this week published information on the standards a Windows 10 device is required to meet to be considered highly secure.

The company has provided details on both hardware and firmware requirements that these devices should meet, including information regarding processor type, amount of required RAM, virtualization support, support for specific UEFI versions, secure boot support, and more.

In Microsoft’s vision, only devices with an Intel CPU through 7th generation processors (Intel i3/i5/i7/i9-7x), Core M3-7xxx and Xeon E3-xxxx and current Intel Atom, Celeron and Pentium processors, along with those featuring AMD through the 7th generation processors (A Series Ax-9xxx, E-Series Ex-9xxx, FX-9xxx) can be considered highly secure.

The systems must include a processor that supports 64-bit instructions, and should also support Input-Output Memory Management Unit (IOMMU) device virtualization, must have virtual machine extensions with second level address translation (SLAT), and should not mask the presence of these hardware virtualization features, but be available for the operating system to use.

A Trusted Platform Module (TPM) version 2.0 is also needed, along with a cryptographically verified platform boot (Intel Boot Guard in Verified Boot mode, or AMD Hardware Verified Boot, or an OEM equivalent mode with similar functionality). The system must also meet the latest Microsoft requirements for the Trustworthy Computing Group (TCG) specification.

On the firmware side, Unified Extension Firmware Interface (UEFI) version 2.4 or later is a must, as well as firmware that implements UEFI Class 2 or UEFI Class 3. According to Microsoft, only devices that ship with Hypervisor-based Code Integrity (HVCI) compliant drivers can be considered highly secure.

The tech company also notes that a system’s firmware must support UEFI Secure Boot and must have UEFI Secure Boot enabled by default to meet the requirements for highly secure Windows 10 devices. Secure MOR revision 2 is also required, along with support for the Windows UEFI Firmware Capsule Update specification.

The publishing of these standards appears yet another step Microsoft is taking toward providing users with increased security and privacy when using Windows 10 devices. Last year, the company announced that all new platform installations would require signed kernel mode drivers, while this year it revealed Windows 10 protections against various threats, including code injection attacks, PowerShell attacks, and zero day exploits.

Advertisement. Scroll to continue reading.

Related: Windows 10 Exploit Guard Boosts Endpoint Defenses

Related: Windows 10 Can Detect PowerShell Attacks: Microsoft

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

Anand Ramanathan has been appointed as Chief Product Officer at Deepwatch.

Managed security platform provider Deepwatch has appointed Sammie Walker as CMO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.