how do we protect ourselves from kernel exploits? The solution he lays out (which actually forms part of Windows 10) is genius and lays the foundation for some truly interesting innovations down the road.
In this final video in the Windows 10 Isolated User Mode series, Dave takes us through several engineering aspects associated with trustlets. First, he describes how lsass.exe (the Local Security Authority Subsystem Service, responsible for enforcing security on Windows) can now have a companion process running in the Secure System (LsaIso.exe, otherwise known as Credential Guard, tasked with protecting secrets). He then delves into more generic trustlet concerns and how the Secure Kernel in Isolated User Mode deals with these challenges.