deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-29 05:37:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

edit'

Browse Source
This commit is contained in:
Justin Hall 2018-09-18 13:05:13 -07:00
parent 8a5f9580d3
commit 04e916d697
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
View File

@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
ms.pagetype: security ms.pagetype: security
author: aadake author: aadake
ms.date: 09/06/2018 ms.date: 09/18/2018
--- ---
# Kernel DMA Protection for Thunderbolt™ 3 # Kernel DMA Protection for Thunderbolt™ 3
@ -14,6 +14,12 @@ ms.date: 09/06/2018
**Applies to** **Applies to**
- Windows 10 - Windows 10
Beginning in 2013, Intel added incremental capabilities to Thunderbolt technology to reduce DMA exposure.
When the host is properly configured with these capabilities, an end user would have to first approve the Thunderbolt peripheral when initially attached to the port, approved as either **Connect Only Once** or **Connect Always**.
Although this methodology mitigates most physical DMA attacks from un-authorized Thunderbolt devices, if a Thunderbolt device with a PCIe slot is approved as **Connect Always**, a physical “DMA attack” might still be possible given the correct hardware and physical access to a previously approved Thunderbolt device with PCIe expandability (such as PCIe slot or ExpressCard).
Although the **Connect Only Once** option does provide additional mitigation from such attacks, it places an unwelcome burden on the end user who would be required to approve the device every time its connected.
In Windows 10 version 1803, Microsoft introduced a new feature called Kernel DMA Protection to protect PCs against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices connected to Thunderbolt™ 3 ports. In Windows 10 version 1803, Microsoft introduced a new feature called Kernel DMA Protection to protect PCs against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices connected to Thunderbolt™ 3 ports.
Drive-by DMA attacks can lead to disclosure of sensitive information residing on a PC, or even injection of malware that allows attackers to bypass the lock screen or control PCs remotely. Drive-by DMA attacks can lead to disclosure of sensitive information residing on a PC, or even injection of malware that allows attackers to bypass the lock screen or control PCs remotely.