https://www.microsoft.com/security/blog/2019/07/31/how-windows-defender-antivirus-integrates-hardware-based-system-integrity-for-informed-extensive-endpoint-protection/
Detecting and stopping attacks that tamper with kernel-mode agents at the hypervisor level is a critical component of the unified endpoint protection platform in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). It’s not without challenges, but the deep integration of Windows Defender Antivirus with hardware-based isolation capabilities allows the detection of artifacts of such attacks.
Recently, the Microsoft Defender ATP research team found a malicious system driver enabling a token swap attack that could lead to privilege escalation. In this blog, we’ll share our analysis of the said attack and discuss how Windows Defender Antivirus uses its unique visibility into system behaviors to detect dangerous kernel threats.
Hardware-based root of trust
Windows Defender System Guard, a hardware-based system integrity capability in Microsoft Defender ATP, has a runtime measurement component called runtime attestation. This runtime measurement component includes a sub-engine called assertion engine (see Figure 1), which continuously measures and asserts the integrity of the Windows kernel, providing supplementary signals about any abnormal system behavior.
Figure 1. High-level Windows Defender System Guard runtime attestation architecture
Architecturally, the solution is collectively referred to as the Windows Defender System Guard runtime monitor and consists of the following client-side components:
- The VTL-1 runtime assertion engine itself
- A VTL-0 kernel-mode agent
- A VTL-0 process we call the ‘broker’ to host the assertion engine
The goal is to detect artifacts of data corruption attacks and other threats that tamper with kernel-mode agents at the hypervisor level. Windows Defender Antivirus, the next-generation component of Microsoft Defender ATP, integrates with Windows Defender System Guard runtime attestation and consumes signals from the assertion engine.
Detecting token theft attacks
Every Windows process has a primary token that describes the security context of the user account associated with the process. The information in the token includes the identity and privileges of the user account associated with the process or thread. Token theft attacks are rampant because they can allow adversaries to use access tokens to operate using different user accounts or under different system security contexts to perform malicious actions and evade detection.
The Microsoft Defender ATP Research team recently uncovered and analyzed signals from Windows Defender System Guard assertion engine that indicated manipulation of a primary token, causing token swap –
Further analysis of Windows Defender Antivirus telemetry identified the offending malicious system driver responsible for the invariant token swap attack. The sample containing the system driver was signed with a compromised certificate (thumbprint: 31e5380e1e0e1dd841f0c1741b38556b252e6231) that’s commonly misused in the wild.
Figure 2. Revoked certificate used by malicious system driver
The driver exhibited the following rootkit behavior:
- Token swap
- Tampering EPROCESS structure in kernel mode and PEB to disguise a process as svchost.exe
In this scenario, Windows Defender System Guard raised an initial assertion failure signal for the token swap. Windows Defender Antivirus consumed the signal and applied intelligence to discover that the suspicious activity was being orchestrated by a system driver.
Figure 3. Decompiled malicious driver code for token theft
Using a Microsoft cloud service that that keeps track of stolen or revoked PKI certificates worldwide, Windows Defender Antivirus found that the driver was indeed signed by a revoked or stolen certificate, which was communicating with the infected binary to perform the token swap.
Windows Defender Antivirus works seamlessly with Microsoft cloud services, such as the one that flags binaries signed by stolen or revoked certificates. Signals like these enrich the protection delivered by multiple next-generation protection engines in Windows Defender Antivirus to provide near-instant, automated defense against new and emerging threats. With cloud-delivered protection, next-generation technologies provide rapid identification and blocking of attacks, typically even before a single machine is infected.
Device integrity for broader security
The goal of Windows System Guard runtime attestation is to provide its consumers with a trustworthy assessment of the security posture and integrity of devices. Apps and services can take advantage of this attestation technology to ensure that the system is free from tampering and that critical processes are running as expected. Runtime attestation can help in many scenarios, including:
- Providing supplementary signals for endpoint detection and response (EDR) and antivirus vendors (including full integration with the Microsoft Defender ATP stack)
- Detecting artifacts of kernel tampering, rootkits, and exploits
- Protected game anti-cheat scenarios (for example, detection of process-protection bypasses that can lead to game-state modification)
- Securing sensitive transactions (banking apps, trading platforms)
- Conditional access (enabling and enhancing device security-based access policies)
The assertion engine can detect attacks that can reasonably be performed under the most restrictive attack conditions, such as when system has been already hardened with hypervisor-protected code integrity (HVCI) and enforced kernel mode code integrity (KMCI).
The case study has shown how Microsoft Defender ATP –
To learn more, read our blog about Windows Defender System Guard runtime attestation.