Updated: July 10, 2020 (April 8, 2013)
Analyst Report
Windows Secures Boot Process
Changes to the Windows boot process introduced with Windows 8 and Windows Server 2012 make starting the OS more resistant to attack from malware (malicious software). In contrast to changes that make the boot process faster, which primarily benefit desktop or laptop computers that are booted more frequently than servers, the safest Windows boot process requires computers with new and trusted firmware, a trusted OS and antimalware software, and a Trusted Platform Module (TPM). Servers benefit from a more secure Windows that can support new systems that require a higher level of attestation or trustworthiness.
Boot as an Attack Vector
The changes make the Windows Server boot process safer and address more sophisticated attacks, particularly by rootkits targeting the OS. The boot process initializes the hardware, loads the OS, and prepares the computer to run applications when it is turned on. A rootkit is malicious software that infects the kernel-level components of the OS and then hides its presence from antimalware software and system management utilities that monitor running processes. A rootkit is called a bootkit when it attacks the boot process in an attempt to compromise encrypted disks. Rootkit threats can become persistent when they compromise the boot process such that the malware loads and runs each time the computer starts.