diff --git a/windows/security/book/hardware-security-silicon-assisted-security.md b/windows/security/book/hardware-security-silicon-assisted-security.md index 22bd90eabb..40d2e4935b 100644 --- a/windows/security/book/hardware-security-silicon-assisted-security.md +++ b/windows/security/book/hardware-security-silicon-assisted-security.md 
@@ -42,16 +42,16 @@ With new installs of Windows 11, OS support for VBS and HVCI is turned on by def - [Enable virtualization-based protection of code integrity][LINK-2] +### :::image type="icon" source="images/new-button-title.svg" border="false"::: Hypervisor-enforced Paging Translation (HVPT) + +Hypervisor-enforced Paging Translation (HVPT) is a security enhancement to enforce the integrity of guest virtual address to guest physical address translations. HVPT helps protect critical system data from write-what-where attacks where the attacker can write an arbitrary value to an arbitrary location often as the result of a buffer overflow. HVPT helps to protect page tables that configure critical system data structures. + ### Hardware-enforced stack protection Hardware-enforced stack protection integrates software and hardware for a modern defense against cyberthreats like memory corruption and zero-day exploits. Based on Control-flow Enforcement Technology (CET) from Intel and AMD Shadow Stacks, hardware-enforced stack protection is designed to protect against exploit techniques that try to hijack return addresses on the stack. Application code includes a program processing stack that hackers seek to corrupt or disrupt in a type of attack called *stack smashing*. When defenses like executable space protection began thwarting such attacks, hackers turned to new methods like return-oriented programming. Return-oriented programming, a form of advanced stack smashing, can bypass defenses, hijack the data stack, and ultimately force a device to perform harmful operations. To guard against these control-flow hijacking attacks, the Windows kernel creates a separate *shadow stack* for return addresses. Windows 11 extends stack protection capabilities to provide both user mode and kernel mode support. 
-[!INCLUDE [new-24h2](includes/new-24h2.md)] - -Hypervisor-enforced Paging Translation (HVPT) is a security enhancement to enforce the integrity of guest virtual address to guest physical address translations. HVPT helps protect critical system data from write-what-where attacks where the attacker can write an arbitrary value to an arbitrary location often as the result of a buffer overflow. HVPT helps to protect page tables that configure critical system data structures. - [!INCLUDE [learn-more](includes/learn-more.md)] - [Understanding Hardware-enforced Stack Protection][LINK-3] diff --git a/windows/security/book/images/chip-to-cloud.png b/windows/security/book/images/chip-to-cloud.png index 702264c85f..e26a786101 100644 Binary files a/windows/security/book/images/chip-to-cloud.png and b/windows/security/book/images/chip-to-cloud.png differ diff --git a/windows/security/book/images/hardware-on.png b/windows/security/book/images/hardware-on.png index 23664c4c63..79dbe2aee5 100644 Binary files a/windows/security/book/images/hardware-on.png and b/windows/security/book/images/hardware-on.png differ diff --git a/windows/security/book/images/hardware.png b/windows/security/book/images/hardware.png index 834b6c5dca..a16761650c 100644 Binary files a/windows/security/book/images/hardware.png and b/windows/security/book/images/hardware.png differ diff --git a/windows/security/book/images/windows-security.png b/windows/security/book/images/windows-security.png new file mode 100644 index 0000000000..558b4790e0 Binary files /dev/null and b/windows/security/book/images/windows-security.png differ
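Review bot: the new `### :::image type="icon" source="images/new-button-title.svg" border="false":::` heading replaces the removed `[!INCLUDE [new-24h2](includes/new-24h2.md)]` marker, but nothing in this diff adds or touches `images/new-button-title.svg` (the only image changes are chip-to-cloud.png, hardware-on.png, hardware.png and the new windows-security.png), so please confirm that asset already exists under `windows/security/book/images/`, otherwise the heading renders with a broken icon and the "new in 24H2" signal the old include carried is lost. Two smaller points on the added HVPT paragraph: the sentence "write-what-where attacks where the attacker can write an arbitrary value to an arbitrary location often as the result of a buffer overflow" needs a comma before the trailing clause (`..., often as the result of a buffer overflow.`), and the new section ends without a `[!INCLUDE [learn-more](includes/learn-more.md)]` block while the neighbouring Hardware-enforced stack protection section keeps one; add a learn-more link for HVPT if a public reference exists. Moving the paragraph out from under the stack protection heading into its own `###` section is the right fix, since it previously read as part of that section.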