1.    17 Nov 2015 #1
    Join Date : Oct 2013
    Posts : 15,685
    64-bit Windows 10 Pro build 14955

    Protecting Microsoft Edge against binary injection

    In May, we announced that Microsoft Edge was saying goodbye to binary extensibility models such as ActiveX and Browser Helper Objects. This change made browsing in Windows faster, more secure, and more stable than ever, while paving the way for better interoperability with other browsers and modern extension models. Those improvements are at risk, however, if uninvited extensions in the form of DLLs (Dynamic-Link Library) are injected into the browser. The latest Windows 10 updates strengthen Microsoft Edge with industry-leading enforcement against loading unauthorized DLLs into Microsoft Edge content processes.

    What is the problem?

    Web browsers are an attractive target, because in-browser advertisements can be a significant source of revenue. If someone can replace or even add to the advertisements the user sees, they can redirect that cash flow. Because some programs seek to change user settings without the user’s consent, Microsoft Edge is hardened to protect user settings (including protecting search results and other web content from third party injection). Developers who are determined to tamper with the user’s settings may resort to injecting DLLs into the Edge process, bypassing the built-in interfaces for settings controls.

    This is a common reason why some users end up with toolbars installed or third party content injected on pages without their intent or consent. These uninvited additions can degrade the performance, stability, and security of the browser, and hence become a problem for the user. An attack on a web browser begins with a memory corruption of some kind that allows the attacker to take control of the browser. Once they have a toehold, they pull in more and more of their attack software, and set about changing what the user’s PC does—from being for their benefit to being malicious. However, that initial hole is often very small, so it is common for an attacker to download a DLL of their code and just load it into the victim process. The attacker is trying to colonize the browser, and loading DLLs provides the attacker with a handy cargo pallet full of supplies. Blocking unauthorized DLL injection makes browser exploits more difficult and more expensive for attackers to carry out.

    Blocking unwelcome code injection with Module Code Integrity

    Starting with EdgeHTML 13, Microsoft Edge defends the user’s browsing experience by blocking injection of DLLs into the browser unless they are Windows components or signed device drivers. DLLs that are either Microsoft-signed, or WHQL-signed, will be allowed to load, and all others will be blocked. “Microsoft-signed” allows for Edge components, Windows components, and other Microsoft-supplied features to be loaded. WHQL (Windows Hardware Quality Lab) signed DLLs are device drivers for things like the webcam, some of which need to run in-process in Edge to work. For ordinary use, users should not notice any difference in Microsoft Edge.

    Code integrity enforcement can be done in the process, or in the kernel. Enforcement in the process is only useful if the threat model is that the process is not yet compromised, because if it has been compromised, then the hacked process can just disable the code integrity check for itself. Microsoft Edge uses enforcement in the kernel, which is robust against a compromised process, so that even a pernicious ad injector cannot turn off the code integrity check. With the browser process model and the Windows kernel helping each other in this way, Microsoft Edge becomes the first and only PC browser with library content integrity protection.

    While requiring DLLs to be signed is not a silver bullet—there’s no such thing in browser security—it adds substantially to the sophistication and expense required to attempt to target Microsoft Edge users. We continue to investigate further ways to thwart code injection into Microsoft Edge.

    User Benefits

    This change arrives as part of EdgeHTML 13, which is included with the latest automatic updates to Windows 10. Like many other Microsoft Edge security enhancements, this DLL code signing mitigation will make it less likely for the browser to be hacked. It also reinforces Microsoft Edge against unwelcome binary “extensions” that slow down and/or destabilize the browser. This unwanted software is often unstable and can crash the browser session, in addition to potentially polluting web pages with unwanted content or malicious search results.

    We introduced this change to the Windows Insider Program with build 10547, and we have already seen tremendous results. From a sample of about 65,000 Windows Insider users of 10547, module code integrity protected 2704 users from attempts to load adware and malware. Additionally, by preventing software vendors from taking dependencies on the internal binary bits of the browser, we preserve the agility of Microsoft Edge to rapidly innovate, and deliver our users the most modern web browsing experience possible.

    We are committed to continuing to reinforce Microsoft Edge against malicious and unwanted content, and are hard at work delivering an extension model that will serve these principles. We look forward to sharing more on that front soon—in the meantime, let us know what you think in the comments below or @MSEdgeDev on Twitter.

    Crispin Cowan, Senior Program Manager, Microsoft Edge

    Source: Protecting Microsoft Edge against binary injection | Microsoft Edge Dev Blog
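Added example (not part of the original post or Microsoft's code): a defender-side PowerShell audit that lists modules loaded in a running process whose Authenticode signature is invalid or not issued to Microsoft, i.e. the kind of DLL the article says is blocked. The default process name `MicrosoftEdgeCP` and the signer-subject match are assumptions; the kernel's own code integrity decision uses signing levels, so this is only an approximation of it.

```powershell
param(
    # Assumed name of the Edge content process; pass another name to audit a different process.
    [string]$ProcessName = 'MicrosoftEdgeCP'
)

$cache = @{}   # module path -> signature result, so each file is checked once

function Get-ModuleSignerInfo {
    param([string]$Path)
    if (-not $cache.ContainsKey($Path)) {
        $sig = Get-AuthenticodeSignature -LiteralPath $Path
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        $cache[$Path] = [pscustomobject]@{
            Path      = $Path
            Status    = $sig.Status
            Signer    = $subject
            # Heuristic: valid signature whose certificate is issued to Microsoft
            # (Windows components and WHQL driver signatures both carry this O=).
            Microsoft = ($sig.Status -eq 'Valid' -and $subject -match 'O=Microsoft Corporation')
        }
    }
    $cache[$Path]
}

$findings = foreach ($proc in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
    try {
        $modules = $proc.Modules        # can fail without sufficient rights
    } catch {
        Write-Warning "PID $($proc.Id): cannot enumerate modules ($($_.Exception.Message))"
        continue
    }
    foreach ($mod in $modules) {
        $info = Get-ModuleSignerInfo -Path $mod.FileName
        if (-not $info.Microsoft) {
            [pscustomobject]@{
                ProcessId = $proc.Id
                Module    = $info.Path
                Status    = $info.Status
                Signer    = $info.Signer
            }
        }
    }
}

if ($findings) { $findings | Sort-Object Module -Unique | Format-Table -AutoSize }
else { Write-Output "No non-Microsoft-signed modules found in '$ProcessName' processes." }
```

On a system where the kernel-enforced policy is active the list should be empty; the same script run against a process without that policy shows what third-party DLLs have been loaded into it.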

  2.    17 Nov 2015 #2
    Join Date : Jul 2015
    Eastbourne East Sussex UK
    Posts : 2,365
    Windows 10 Home x64: 1607 Redstone (1) Build 143934.321

    Nice read, thanks for posting this.


Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
