In-depth

What is the Microsoft Pluton security processor?

A quick look at Microsoft's new approach to CPUs that promises to revolutionise Windows security

Abstract image of the Microsoft logo ontop of a glowing processor

Microsoft Pluton is a new type of secure processor that promises to revolutionise PC security by housing sensitive data inside the chip.

This approach deviates markedly from existing processor architecture, which normally forces the CPU to communicate with a separate trusted platform module (TPM), which stores sensitive data such as encryption keys and critical system information. As cyber security threats have become more sophisticated, hackers have started to target the TPM, something which has led to an explosion in the number of potential attack vectors.

Pluton is designed to address this vulnerability by effectively removing this channel of communication and instead hosting this sensitive information inside the chip. Microsoft claims this makes it impossible to lift things like encryption keys from the hardware, regardless of the type of attack used.

Following a collaboration between Microsoft, AMD, Intel, and Qualcomm, work on the chip was first announced on 17 November 2020, building on a previous iteration that powered the Xbox One.

How does Microsoft Pluton work?

On most PCs today, operating system security is largely handled by the trusted platform module (TPM). This separate hardware component that stores encryption keys and has been a mainstay in computing for more than a decade. Today it’s used to support Windows security programmes like Hello and BitLocker.

The CPU needs to communicate with the TPM, usually across a bus interface, in order for this information to be shared. However, this communication channel also exposes this information to the outside world, something which is frequently being targeted and exploited by hackers in order to lift sensitive data as it moves.

Pluton attempts to solve this by removing this communication channel altogether. Instead, the CPU emulates a TPM onboard the chip, complete with the same specs and APIs, and while still being able to support the same security features that Windows users have come to know. Data such as encryption keys, user biometric data, and account credentials can all be stored directly on the Pluton processor, which are effectively isolated.

Secure Hardware Cryptography Key (SHACK) technology is also used to encrypt the data it holds, adding an additional layer of security.

Hackers would be unable to extract this data as a result, even if they have malware installed or physical access to the machine, according to Microsoft.

When will Pluton processors be released?

The Pluton architecture is expected to feature in a future range of chips designed by AMD, Intel, and Qualcomm. No release date has been given.

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

Sopra Steria cyber attack costs to hit €50 million
Security

Sopra Steria cyber attack costs to hit €50 million

26 Nov 2020
Sophos warns customers of potential data leak
Security

Sophos warns customers of potential data leak

26 Nov 2020
Weekly threat roundup: VMware, GitHub, Facebook, and MobileIron
Security

Weekly threat roundup: VMware, GitHub, Facebook, and MobileIron

26 Nov 2020
Egregor ransomware could take up where Maze left off
Security

Egregor ransomware could take up where Maze left off

26 Nov 2020

Most Popular

80% of cyber professionals say the Computer Misuse Act is working against them
Security

80% of cyber professionals say the Computer Misuse Act is working against them

20 Nov 2020
Cisco acquires container security startup Banzai Cloud
Security

Cisco acquires container security startup Banzai Cloud

18 Nov 2020
350,000 Spotify users hacked in credential stuffing attack
Security

350,000 Spotify users hacked in credential stuffing attack

24 Nov 2020