Microsoft: Turn off Memory Integrity if it’s causing problems

Microsoft has finally clarified how users can fix a Windows security measure that has been causing hardware problems: turn it off. The advice, issued last week, should bring relief to many users of Memory Integrity, a feature designed to protect Windows computers from badly behaved drivers.

Memory Integrity is a feature inside a broader set of protections called Core Isolation. It uses hardware virtualisation to protect sensitive processes from infection. These features are a subset of virtualisation-based security features that Microsoft has offered to enterprise users since Windows 10 shipped. It rolled out Core Isolation and Memory Integrity to all Windows editions in 2018.

Memory Integrity (also called hypervisor-protected code Integrity or HVCI), uses Microsoft's Hyper-V hypervisor to virtualise the hardware running some Windows kernel-model processes, protecting them against the injection of malicious code.

One use case for Memory Integrity is to protect Windows from user-mode drivers and applications that misbehave, perhaps due to an exploited security flaw. Hardware drivers are pieces of software developed by the hardware vendors that enable devices to work with Windows. Even legitimate drivers can have bugs. An attacker could use those bugs to gain privileged access to the system. Memory Integrity walls off sensitive kernel processes from that software.

When Microsoft first shipped this feature as an upgrade, you had to enable it. In fresh installations of Windows, it was turned on by default.

This virtualisation-powered technology is great at protecting your system, but it isn't without its drawbacks. Users have complained that they're not compatible with different brands and builds of PCs, and that they don't work with peripherals, including Microsoft's own webcams.