Microsoft Edge; attention until next month

Microsoft Edge? The team Google's Zero has released several details that help circumvent an important technique on the Edge.

Let's see where it is :Microsoft Edge

Arbitrary Code Guard (ACG), released with its release 10 Update για να βοηθήσει στην αποτροπή των επιθέσεων από τον ιστό που προσπαθούν να φορτώσουν κακόβουλο κώδικα στη μνήμη. Η συγκεκριμένη τεχνική διασφαλίζει ότι η μνήμη δέχεται μόνο σωστά υπογεγραμμένο κώδικα.

However, as Microsoft explains, Just-in-Time (JIT) compilers used in modern web browsers pose a problem for ACG. JIT compilers convert JavaScript into native, unsigned code.

So to ensure that JIT compilers continue to run even when ACG is enabled, the company's developers split Microsoft Edge JIT into a separate process running on its own isolated sandbox.

But here came the researchers from Google's Project Zero. Researchers have found that there is a problem with the way the JIT process writes executable data to the content.

THE 'bypass the ACG using UnmapViewofFileallows a content process to predict which address of a JIT process VirtualAllocEx () may call, as well as a content process that is preparing to "allocate a writable memory area to the same JIT server address for an executable to run soon" .

Google reported the issue to Microsoft in mid-November and released the details of the exploit yesterday, as the 90 days have passed.

Microsoft confirmed the ACG bypass at some point in Patch Tuesday, which was released in February. Apparently the company intended to fix the issue by then, but found it a bit "more complicated" than it initially thought.

So the solution for a secure Microsoft Edge is expected to be released with Patch Tuesday in March.

iGuRu.gr The Best Technology Site in Greecefgns

every post, directly to your

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).