The Pluton security processor is designed to protect hardware and firmware from vulnerabilities

by Don Sharpe
  • Microsoft announced the development of its first-ever security processor, dubbed the Pluton, during the Consumer Electronics Show this year.
  • The product was jointly developed by AMD and Qualcomm in collaboration with Microsoft.
  • The chip is expected to provide cloud-based security for Windows devices.

During this year’s Consumer Electronics Show, COVID led to fewer new Windows 11 devices being announced than in previous years. 

However, Lenovo, one of the PC partners working with Microsoft on the new operating system, demoed its first products running Windows 11 at the show.

Cloud-based security

In 2020, Microsoft announced its first security processor, the Pluton. AMD and Qualcomm developed this product in partnership with Microsoft. The chip is intended to provide cloud-based security for devices running Windows 11.

Pluton is a security service designed to eliminate opportunities for attackers and to reduce the attack surface within Windows PCs.

Pluton processor

Microsoft’s Pluton processor first appeared in the Xbox console and Azure Sphere. The chip combines a CPU and a Trusted Platform Module (TPM) into one package, verifying the integrity of an operating system.

Moreover, the root of trust is on the processor itself, thwarting attacks in which a malicious agent inserts itself between the CPU and a trusted entity to steal data. This design strengthens the chain of trust for the TPM.

The User Account Control (UAC) feature distinguishes administrators from regular users, which enables the system to enforce additional access protections and limitations that protect the computer from user-targeted attacks.

Importance of the Pluton processor

The ‘Spectre’ and ‘Meltdown’ security flaws demonstrated that attackers can sit between the processor and the operating system and potentially read the transmission of highly sensitive data.

Since mitigating Spectre and Meltdown came with a cost in performance, we had to disable these protections on some machines where the impact on database performance was unacceptable.

For many years, experts have predicted that hardware-based defenses would be necessary to mitigate processor attacks.

Firmware updates

Often, hardware vulnerabilities like Spectre and Meltdown can be mitigated only by firmware updates. As a result, the process of applying these updates may not be well-received.

The process of updating firmware requires a lot of overhead and management, which makes it difficult to automate.

In the past, PC users of Microsoft Windows were required to check manually for firmware updates, select firmware updates to install, or use a vendor-provided tool to deploy them.

Unlike most other Windows machines, Surface devices do not receive their firmware updates through Windows Update, Microsoft's Windows Server Update Services (WSUS), System Center Configuration Manager, or Intune.

Are you excited to see the Pluton processor come to Windows devices? Share your thoughts with us in the comment section below.