Microsoft boosts Edge web browser security
Microsoft revealed some technical details of a major update for Windows 10, which we recently wrote about . This is a web browser Edge, for which increased security measures were included with the transition to a special platform EdgeHTML 13. Now the web browser will block the download of those DLL-libraries that are not digitally signed by Microsoft. This measure will significantly improve the immunity of the web browser to adware, which specializes in introducing its DLL in web browsers, as well as from malware and ubiquitous toolbars.
It should be noted that for the Edge web browser, initially certain security measures were taken that distinguish it from Internet Explorer 11. For example, it does not support the mechanism of obsolete types of ActiveX and Browser Helper Objects (BHO) extensions. Edge also does not use the VBScript engine (VBScript.dll), in which a sufficient number of RCE vulnerabilities were found.
Thus, to be loaded into the context of the Edge process, the library must be digitally signed by Microsoft, or must be signed under the WHQL program (for drivers). Edge checks the legitimacy and integrity of the file (integrity) at the Windows kernel level, which allows you to protect this process from the possible consequences of introducing malicious code into the working web browser, which can prevent this (so called library content integrity protection ).
')
In addition to the above, the Edge web browser by default works as 64-bit in AppContainer mode. This distinguishes it from Internet Explorer 11, which by default always runs as 32-bit at a low Integrity Level. To switch IE 11 to 64-bit mode, a special setting is provided, as well as for the AppContainer tabs (Enhanced Protected Mode). Such modes of operation are not included in IE 11 by default only because of issues of its compatibility with various obsolete plugins and components that they may interfere with. Both of these modes significantly increase the immunity of the web browser to the effects of exploits and drive-by download attacks.
Edge also uses the latest mechanisms to protect its integrity against exploits, including MemGC and Control Flow Guard (CFG). See the full list here .
It should be noted that for the Edge web browser, initially certain security measures were taken that distinguish it from Internet Explorer 11. For example, it does not support the mechanism of obsolete types of ActiveX and Browser Helper Objects (BHO) extensions. Edge also does not use the VBScript engine (VBScript.dll), in which a sufficient number of RCE vulnerabilities were found.
DLLs that are either not allowed.
Thus, to be loaded into the context of the Edge process, the library must be digitally signed by Microsoft, or must be signed under the WHQL program (for drivers). Edge checks the legitimacy and integrity of the file (integrity) at the Windows kernel level, which allows you to protect this process from the possible consequences of introducing malicious code into the working web browser, which can prevent this (so called library content integrity protection ).
')
In addition to the above, the Edge web browser by default works as 64-bit in AppContainer mode. This distinguishes it from Internet Explorer 11, which by default always runs as 32-bit at a low Integrity Level. To switch IE 11 to 64-bit mode, a special setting is provided, as well as for the AppContainer tabs (Enhanced Protected Mode). Such modes of operation are not included in IE 11 by default only because of issues of its compatibility with various obsolete plugins and components that they may interfere with. Both of these modes significantly increase the immunity of the web browser to the effects of exploits and drive-by download attacks.
Edge also uses the latest mechanisms to protect its integrity against exploits, including MemGC and Control Flow Guard (CFG). See the full list here .
Source: https://habr.com/ru/post/271119/
All Articles