Windows Virtualization-Based Security

• Virtual Secure Mode isolates the Windows OS to help prevent advanced persistent threat attacks.
• The mode underlies security features such as Credential Guard and Memory integrity.
• Windows 11’s hardware requirements mean Virtual Secure Mode and associated security features can be automatically enabled, but use on Windows 10 is possible.

On devices capable of running Windows 11, and on some Windows 10 devices with the required hardware, the Hyper-V hypervisor can be securely loaded to create a Virtual Secure Mode (VSM). VSM is instrumental in supporting Credential Guard and Memory integrity features in the OS. These virtualization-based security (VBS) features can help thwart advanced persistent attacks.

Leveraging Virtualization to Improve Security

On the Windows OS, critical code executes in kernel mode (also known as ring 0), with full access to device memory, while application code executes in user mode (ring 3), with limited memory access. Code running in kernel mode is kept separate from code running in user mode, but poorly written or malicious code running in kernel mode, such as a device driver, can still introduce a vulnerability to the OS that may be hard to detect.