Microsoft announced today a new security feature for the Windows operating system. From a report: Named “Hardware-enforced Stack Protection,” this feature allows applications to use the local CPU hardware to protect their code while running inside the CPU’s memory. As the feature’s name suggests, its primary role is to protect the (memory) stack — where an app’s code is stored during execution. “Hardware-enforced Stack Protection” works by enforcing strict management of the memory stack through the use of a combination of (1) modern CPU hardware and (2) shadow stacks. The term shadow stacks is a new one and refers to copies of a program’s intended execution flow (also referred to as the code’s execution order). The new “Hardware-enforced Stack Protection” feature plans to use the hardware-based security features in modern CPUs to keep a copy of the app’s shadow stack (intended code execution flow) in a hardware-secured environment.