Wednesday, March 14, 2012

Microsoft Adds New Exploit Mitigations to IE 10

Via Threatpost -

Windows 8 is still off on the horizon somewhere, but the new version of Internet Explorer that's coming with it--IE 10--already is in consumer preview and it includes some major changes to the exploit mitigations. In addition to the existing implementations of ASLR, DEP and other technologies in Windows and IE, Microsoft has included a couple of new ones designed to further inhibit memory attacks.

The biggest change in IE 10 is a technology called ForceASLR that's meant to help compensate for the fact that not every application on Windows is compiled with the flag that opts them into ASLR. One of the main exploit mitigations that Microsoft has added to Windows in recent years, ASLR (address space layout randomization) essentially turns memory modules into moving targets for attackers, making it far more difficult for them to locate their payloads where they want. This has made browser-based exploits more complicated, but it only works if developers compile their applications with a specific flag, called /DYNAMICBASE, set.

The new ForceASLR technology helps fix that shortcoming by allowing IE to tell Windows to load every module in a random location, regardless of whether it was compiled with the /DYNAMICBASE flag. Microsoft security officials say that this is among the more important additions the company has made to the security of its browser and Windows machines.


In addition to ForceASLR, Microsoft has included another mitigation called High Entropy ASLR that takes advantage of the larger address space that's available on 64-bit Windows machines. The more entropy that the operating system can add to the randomization, the more difficult life will be for attackers who are trying to place their payloads precisely.
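To find the modules that would depend on ForceASLR, a defender can read the opt-in bits that /DYNAMICBASE and its 64-bit counterpart set in each PE header. The following is an added example, not code from the original article or from Microsoft; the /HIGHENTROPYVA flag name, the function names and the constructed sample headers are assumptions that do not appear on the page.

```python
import struct

# DllCharacteristics bits from the PE/COFF specification.
DYNAMIC_BASE = 0x0040      # set by the /DYNAMICBASE linker flag
HIGH_ENTROPY_VA = 0x0020   # set by /HIGHENTROPYVA (flag name not on the page)
PE32, PE32_PLUS = 0x10B, 0x20B


def aslr_flags(image: bytes) -> dict:
    """Report the ASLR opt-in bits of a PE image given its raw bytes."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)   # e_lfanew
    opt = pe_off + 24          # 4-byte signature + 20-byte COFF header
    if image[pe_off:pe_off + 4] != b"PE\0\0" or len(image) < opt + 72:
        raise ValueError("not a PE image: bad or truncated PE header")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (PE32, PE32_PLUS):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ headers.
    (chars,) = struct.unpack_from("<H", image, opt + 70)
    return {"is_64bit": magic == PE32_PLUS,
            "dynamic_base": bool(chars & DYNAMIC_BASE),
            "high_entropy_va": bool(chars & HIGH_ENTROPY_VA)}


def missing_optins(image: bytes) -> list:
    """Linker flags a rebuild would need for the module to opt in fully."""
    f = aslr_flags(image)
    missing = [] if f["dynamic_base"] else ["/DYNAMICBASE"]
    if f["is_64bit"] and not f["high_entropy_va"]:
        missing.append("/HIGHENTROPYVA")
    return missing


def sample_image(magic: int, dll_chars: int) -> bytes:
    """Constructed input: only the header fields aslr_flags() reads."""
    pe_off = 0x80
    img = bytearray(pe_off + 24 + 72)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, pe_off)
    img[pe_off:pe_off + 4] = b"PE\0\0"
    struct.pack_into("<H", img, pe_off + 24, magic)
    struct.pack_into("<H", img, pe_off + 24 + 70, dll_chars)
    return bytes(img)


if __name__ == "__main__":
    for magic, chars in [(PE32, 0x0000), (PE32_PLUS, 0x0060)]:
        print(hex(magic), missing_optins(sample_image(magic, chars)))
```

Run over the real bytes of each DLL a browser process loads, a non-empty result marks a module that gets a random base only when the loader forces it.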


Enhanced Memory Protections in IE10
