edited intro

Justin Hall
2018-09-19 13:28:36 -07:00
parent 04e916d697
commit f7da7763b0


@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: aadake
ms.date: 09/18/2018
ms.date: 09/19/2018
---
# Kernel DMA Protection for Thunderbolt™ 3
@ -14,17 +14,13 @@ ms.date: 09/18/2018
**Applies to**
- Windows 10
Beginning in 2013, Intel added incremental capabilities to Thunderbolt technology to reduce DMA exposure.
When the host is properly configured with these capabilities, an end user would have to first approve the Thunderbolt peripheral when initially attached to the port, approved as either **Connect Only Once** or **Connect Always**.
Although this methodology mitigates most physical DMA attacks from un-authorized Thunderbolt devices, if a Thunderbolt device with a PCIe slot is approved as **Connect Always**, a physical “DMA attack” might still be possible given the correct hardware and physical access to a previously approved Thunderbolt device with PCIe expandability (such as PCIe slot or ExpressCard).
Although the **Connect Only Once** option does provide additional mitigation from such attacks, it places an unwelcome burden on the end user who would be required to approve the device every time its connected.
In Windows 10 version 1803, Microsoft introduced a new feature called Kernel DMA Protection to protect PCs against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices connected to Thunderbolt™ 3 ports.
Drive-by DMA attacks can lead to disclosure of sensitive information residing on a PC, or even injection of malware that allows attackers to bypass the lock screen or control PCs remotely.
This feature does not protect against DMA attacks via 1394/FireWire, PCMCIA, CardBus, ExpressCard, and so on.
For Thunderbolt DMA protection on earlier Windows versions and other platforms that lack support for Kernel DMA Protection, please refer to Intel documentation.
## Background
PCI devices are DMA-capable, which allows them to read and write to system memory at will, without having to engage the system processor in these operations.
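Review bot: the new closing sentence of the intro ("For Thunderbolt DMA protection on earlier Windows versions and other platforms that lack support for Kernel DMA Protection, please refer to Intel documentation.") sends readers to Intel documentation without a link or document title, so it gives them nothing to follow; add a link to the specific Intel guidance being referred to. A second, smaller point in the same hunk: the removed paragraphs explained why the existing Intel approval model (**Connect Only Once** / **Connect Always**) still leaves a gap for an approved device with PCIe expandability, which is the motivation for Kernel DMA Protection, and the rewritten intro drops that rationale entirely; consider keeping one sentence of it so the reader understands what the 1803 feature adds over the earlier mitigation.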