Windows 10 Credential Guard Risk Exposed at Black Hat
VIDEO: At Black Hat, Rahul Kashyap, Bromium's chief security architect, discusses flaws in Windows 10 Credential Guard and kernel integrity features.LAS VEGAS--Microsoft's Windows 10 includes many innovative security features that are intended to help minimize risk and improve user experience. One such feature is Credential Guard, which aims to protect users against attacks. However, according to security firm Bromium, many risks remain. In a video interview with eWEEK ahead of a session on Aug. 4 at the Black Hat USA conference here, Rahul Kashyap, chief security architect and executive vice president at security firm Bromium, discussed multiple flaws his firm found in Windows 10, including Credential Guard as well the kernel code integrity feature. Kashyap explained that Credential Guard is an effort from Microsoft to limit or eliminate the risk of an attack known as "Pass-the-Hash," where an attacker is able to access a password or credential hash and then reuse it in an attack. Credential Guard makes use of Windows 10 integrated virtualization, which Kashyap said is a step forward for security, but is still lacking in some security controls. Bromium has alerted Microsoft to the issues it found, and some, but not all, the identified risks have been patched.
"The Credential Guard issue is tricky and will be difficult to fix," Kashyap said.