Developers Club geek daily blog

1 year, 2 months ago
Microsoft has disclosed some technical details of the major Windows 10 update that we wrote about recently. They concern the Edge web browser, whose security measures were strengthened with the move to the EdgeHTML 13 platform. The browser will now block the loading of DLL libraries that do not carry a digital signature from Microsoft. This measure will significantly increase the browser's resistance to adware that specializes in injecting DLLs into web browsers, as well as to malicious software and ubiquitous toolbars.

Microsoft increased the security of the Edge web browser

It should be noted that Edge shipped from the start with certain security measures that distinguish it from Internet Explorer 11. For example, it does not support the legacy extension mechanisms ActiveX and Browser Helper Objects (BHO). Edge also does not use the VBScript engine (VBScript.dll), in which a fair number of RCE vulnerabilities have been found.

DLLs that are either Microsoft-signed, or WHQL-signed, will be allowed to load, and all others will be blocked.

Thus, to be loaded into the context of an Edge process, a library must carry a Microsoft digital signature or be signed under the WHQL program (for drivers). Edge checks the legitimacy and integrity of the file at the Windows kernel level, which protects the check itself from malicious code that has been injected into the running browser and could otherwise interfere with it (so-called library content integrity protection).
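To see which libraries in a running browser process would fall outside such a rule, a defender can inventory the loaded modules and their signers. The script below is an added example, not code from the original article or from Microsoft; the process name `MicrosoftEdgeCP`, the helper `Get-ModuleSignatureClass` and the subject-name matching are assumptions, and the matching only approximates the kernel's check.

```powershell
# Added example (not from the original article): list the modules loaded in a
# process and flag those that are not validly signed by Microsoft or WHQL.
# Assumption: matching on the signer's subject name only approximates the
# kernel code-integrity check, which validates the certificate chain itself.
param(
    [string]$ProcessName = 'MicrosoftEdgeCP'  # assumed name of the Edge content process
)

# Hypothetical helper: classify one file by its Authenticode/catalog signature.
function Get-ModuleSignatureClass {
    param([Parameter(Mandatory)][string]$Path)

    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        return 'Unsigned-or-invalid'
    }
    $subject = $sig.SignerCertificate.Subject
    if ($subject -match 'CN=Microsoft Windows Hardware Compatibility Publisher') {
        return 'WHQL-signed'
    }
    if ($subject -match 'O=Microsoft Corporation') {
        return 'Microsoft-signed'
    }
    return 'Third-party-signed'
}

$results = foreach ($proc in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
    foreach ($mod in $proc.Modules) {
        [pscustomobject]@{
            ProcessId = $proc.Id
            Module    = $mod.FileName
            Class     = Get-ModuleSignatureClass -Path $mod.FileName
        }
    }
}

# Everything that is neither Microsoft-signed nor WHQL-signed is what a
# "Microsoft or WHQL only" loading rule would reject.
$results |
    Where-Object { $_.Class -notin 'Microsoft-signed', 'WHQL-signed' } |
    Sort-Object Module -Unique |
    Format-Table -AutoSize
```

Run it from an elevated 64-bit PowerShell session so that the module list of the target process is readable.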

In addition to the above, the Edge web browser by default runs as a 64-bit process in AppContainer mode. This compares favorably with Internet Explorer 11, which by default always starts as a 32-bit process at low Integrity Level. IE 11 provides a special setting for switching to 64-bit mode, as well as one for running tabs in AppContainer (Enhanced Protected Mode). These modes are not enabled by default in IE 11 only because of compatibility concerns with various legacy plug-ins and components, which they can break. Both modes significantly increase the browser's resistance to exploits and to attacks such as drive-by downloads.

Edge also uses the latest mechanisms for protecting its integrity against exploits, including MemGC and Control Flow Guard (CFG). See the complete list here.

This article is a translation of the original post at habrahabr.ru/post/271119/