Microsoft’s upcoming Windows 10 Creators Update will include two new protections for Edge that will make it more costly for attackers to use a fresh attack to remotely hack Windows devices.
Microsoft has been promising major security enhancements in its Windows 10 Creators Update, which is expected to arrive in April.
Today, Microsoft announced two Creators Update security features for Edge, which could make a previously unknown or zero-day flaw much harder to convert into an actual exploit that gives the attacker full control over a Windows device.
The new exploit mitigation features are called Code Integrity Guard (CIG) and Arbitrary Code Guard (ACG). Together they aim to prevent attackers from modifying code or loading malware into memory. CIG will require that all DLLs be signed by Microsoft.
Microsoft security software engineer Matt Miller explains that attackers often use memory safety bugs in a browser to run malicious code on a device. Attackers chose this because it’s the cheapest way of attacking Windows. But just like developers, black hat hackers are sensitive to costs.
Miller says browser exploits typically consist three components, including: a remote code execution (RCE), which enables malicious native code to run on the device; an attempt to elevate privileges or escape a secured sandbox; and the payload, such as a ransomware or spyware.
Since all exploits rely on the first step — running malicious native code — to achieve the second two, CIG and ACG targets the first step to raise the cost for attackers.
“By breaking this critical link in the chain, we can influence the exploit economics by invalidating the attacker’s software design assumptions and forcing refactoring costs on them,” Miller writes.
At least one security expert is impressed with what Microsoft is planning. Dan Guido, CEO of security firm Trail of Bits, reckons these two features put Edge in front of Google’s Chrome in terms of security since they effectively enforce code signing of all DLLs.