
Microsoft paid a record $125k for an exploit

Microsoft paid $100k to security researchers from the Zero Day Initiative (ZDI) group for demonstrating a successful bypass of the latest mechanisms protecting Internet Explorer 11 from vulnerabilities: the browser's mechanisms grouped under the general title Anti-Use-After-Free (Anti-UAF). A further $25k was paid for the protection mechanism they demonstrated against the vulnerability they found. The payments were made under the company's Mitigation Bypass and BlueHat Defense bounty programs.
Here is how to get the most out of Microsoft Internet Explorer: you can use MemoryProtection as an oracle to completely bypass ASLR.




Mechanisms protecting IE11 from the most common class of vulnerabilities to date, use-after-free, were added last summer. Through dedicated updates, Microsoft added protections called Isolated Heap and Deferred Free (delayed freeing of memory) to the browser code. These mechanisms are designed to shield potentially unsafe browser code from exploits that abuse use-after-free bugs: memory for security-critical objects is allocated from a separate "isolated" heap in the process memory, and freeing (for both the ordinary heap and the isolated one) is deferred.
The details of the approach were not disclosed by the ZDI researchers; however, it is known that the demonstrated technique copes both with the Deferred Free mechanism (so-called MemoryProtection, after the name of the C++ class used in IE's code, see here) and with ASLR, which IE11 enables by default (ForceASLR) for all dynamic libraries loaded into the browser's virtual address space.
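The two mechanisms just described can be modelled in a few dozen lines to see why they raise the bar for a use-after-free exploit. The C program below is an added illustration written for this article, not IE's code: it keeps a fixed pool reserved for "critical" objects (the isolated heap) and a small FIFO quarantine that holds freed blocks back before their slot can be handed out again (deferred free). The model also zeroes a block when it is freed, so a dangling read sees zeros rather than stale contents. All names (`toy_heap_reset`, `isolated_alloc`, `isolated_free_deferred`, the `*_reused_*` probes) and the pool and quarantine sizes are invented for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of an isolated heap plus deferred free (MemoryProtection-style).
 * Added illustration only: sizes and names are invented, not IE's. */

#define OBJ_SIZE          64   /* every "critical" object is 64 bytes here      */
#define ISOLATED_SLOTS    32   /* capacity of the isolated pool                  */
#define QUARANTINE_SLOTS   4   /* frees held back before a slot becomes reusable */

static unsigned char isolated_pool[ISOLATED_SLOTS][OBJ_SIZE];
static int           isolated_used[ISOLATED_SLOTS];
static void         *quarantine[QUARANTINE_SLOTS];
static size_t        quarantine_len;

/* Map a pointer back to its slot index, or -1 if it is not from the pool. */
static int slot_of(const void *p)
{
    uintptr_t base = (uintptr_t)isolated_pool, addr = (uintptr_t)p;
    if (addr < base || addr >= base + sizeof isolated_pool) return -1;
    return (int)((addr - base) / OBJ_SIZE);
}

void toy_heap_reset(void)
{
    memset(isolated_used, 0, sizeof isolated_used);
    quarantine_len = 0;
}

/* Allocate a critical object from the isolated pool. General-purpose allocations
 * (malloc) never come from here, so same-sized attacker data cannot land in it. */
void *isolated_alloc(void)
{
    for (int i = 0; i < ISOLATED_SLOTS; i++) {
        if (!isolated_used[i]) {
            isolated_used[i] = 1;
            memset(isolated_pool[i], 0, OBJ_SIZE);
            return isolated_pool[i];
        }
    }
    return NULL;
}

/* Deferred free: zero the block and park it in a FIFO quarantine. The slot stays
 * marked as used until QUARANTINE_SLOTS later frees have pushed it out. */
void isolated_free_deferred(void *p)
{
    int s = slot_of(p);
    if (s < 0 || !isolated_used[s]) return;        /* not ours, or double free: ignore */
    memset(p, 0, OBJ_SIZE);                         /* dangling reads now see zeros     */
    if (quarantine_len == QUARANTINE_SLOTS) {      /* oldest entry returns to the pool */
        isolated_used[slot_of(quarantine[0])] = 0;
        memmove(&quarantine[0], &quarantine[1],
                (QUARANTINE_SLOTS - 1) * sizeof quarantine[0]);
        quarantine_len--;
    }
    quarantine[quarantine_len++] = p;
}

/* 1 if the very next allocation after a free returns the freed address, which is
 * the condition a use-after-free exploit relies on; 0 if the slot was withheld. */
int freed_slot_reused_immediately(void)
{
    toy_heap_reset();
    void *a = isolated_alloc();
    isolated_free_deferred(a);
    return isolated_alloc() == a;
}

/* 1 if a dangling pointer to a deferred-freed block reads back all zeros. */
int dangling_read_sees_zeros(void)
{
    toy_heap_reset();
    unsigned char *a = isolated_alloc();
    memset(a, 0x41, OBJ_SIZE);                      /* old "live" contents */
    isolated_free_deferred(a);
    for (int i = 0; i < OBJ_SIZE; i++)
        if (a[i] != 0) return 0;
    return 1;
}

/* 1 if the first freed block has been returned to the pool after `extra_frees`
 * further alloc/free cycles, i.e. the quarantine has drained it. */
int released_after_extra_frees(int extra_frees)
{
    toy_heap_reset();
    void *a = isolated_alloc();
    isolated_free_deferred(a);
    for (int i = 0; i < extra_frees; i++)
        isolated_free_deferred(isolated_alloc());
    return !isolated_used[slot_of(a)];
}

int main(void)
{
    printf("reused immediately: %d\n", freed_slot_reused_immediately());
    printf("dangling read zeroed: %d\n", dangling_read_sees_zeros());
    printf("released after 3 extra frees: %d, after 4: %d\n",
           released_after_extra_frees(3), released_after_extra_frees(4));
    return 0;
}
```

The point the model makes is the one the article's mechanisms rely on: a dangling pointer keeps pointing at a slot that neither a same-sized general-heap allocation nor the next isolated allocation can claim, and the slot only becomes reusable once enough later frees have pushed it through the quarantine. The bypass the article reports did not need to defeat this ordering; it used the wait list's behaviour as a side channel for addresses instead, which is why a deferred-free design also has to consider what an attacker can infer from it, not only what they can overwrite.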

Source: https://habr.com/ru/post/249877/