Microsoft Windows 10 Anniversary Update has introduced many mitigation techniques in core Windows components and the Microsoft Edge browser, helping protect customers from entire classes of exploits for very recent and even undisclosed vulnerabilities, Matt Oh and Elia Florio of Microsoft’s Windows Defender ATP Research Team wrote in an online post last week.
Countering vulnerabilities that are not yet publicly known, so-called "zero day" vulnerabilities, is particularly important because attackers, especially those working for nation-states, rely on them to penetrate systems and steal data before a patch exists.
Rather than focus on a single vulnerability, Microsoft is focusing on mitigation techniques that counter classes of exploits, Oh and Florio explained.
“As a result, these mitigation techniques are significantly reducing attack surfaces that would have been available to future Zero-Day exploits,” they wrote.
What Users Get
The security improvements in the new Windows 10 Anniversary Update are worthwhile for consumers, not only for enterprise defenders.
“This is great news for users,” said Jerome Segura, a senior security researcher for Malwarebytes.
“Microsoft is addressing zero days and exploits in general by sandboxing a lot of the components in the operating system,” he told TechNewsWorld.
Sandboxing is a technique that confines a component to a restricted environment with only the privileges and resources it needs. If an attacker compromises the component, for example by feeding it malformed input that triggers a bug, the damage stays inside the sandbox and the attacker cannot reach the other parts of the system.
Sandbox techniques were used in Windows 10 to neutralize an exploit that used corrupt fonts to gain escalated privileges on a system, Microsoft's Oh and Florio explained. Font parsing, which historically ran inside the Windows kernel, now runs in an isolated user-mode process, so a malformed font that crashes or hijacks the parser no longer hands the attacker kernel-level code execution. Escalated privileges matter because an intruder who gains them can disable defenses, install persistent code, and roam more freely to access data on a network.
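As an added check, not part of the original article or Microsoft's post, the following PowerShell snippet confirms that font parsing on a Windows 10 machine is handled by the isolated user-mode font driver host rather than by the kernel. It assumes the isolated parser is the fontdrvhost.exe process and that it runs under the restricted "Font Driver Host\UMFD-<n>" accounts instead of SYSTEM; both the process name and the account name are assumptions about the platform, not facts stated on this page.

```powershell
# Added example (not from the original article): verify that font parsing is
# isolated in a user-mode host process on Windows 10 version 1607 or later.
# Assumptions: the isolated parser is fontdrvhost.exe, and each instance runs
# under a restricted "Font Driver Host\UMFD-<n>" account rather than SYSTEM.
function Test-FontParsingIsolated {
    $hosts = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'fontdrvhost.exe'"
    if (-not $hosts) {
        Write-Warning 'No fontdrvhost.exe process found: font parsing may still run in the kernel (pre-1607 Windows).'
        return $false
    }

    $allRestricted = $true
    foreach ($p in $hosts) {
        # GetOwner returns the account the process token belongs to.
        $owner   = Invoke-CimMethod -InputObject $p -MethodName GetOwner
        $account = '{0}\{1}' -f $owner.Domain, $owner.User
        'PID {0,-6} session {1}  owner {2}' -f $p.ProcessId, $p.SessionId, $account

        # A font host running as SYSTEM (or any other privileged account) would
        # defeat the purpose of moving the parser out of the kernel.
        if ($owner.Domain -ne 'Font Driver Host') {
            Write-Warning ("fontdrvhost.exe PID {0} runs as {1}, not under a restricted account." -f $p.ProcessId, $account)
            $allRestricted = $false
        }
    }
    return $allRestricted
}

# Returns $true when every font host instance runs under a restricted account.
Test-FontParsingIsolated
```

There is normally one instance per session (session 0 for services and one per interactive logon), which is why the output lists the session ID alongside the owner.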
Room for Improvement
While Microsoft is making good progress in hardening the Windows kernel, it could improve the operating system’s security in other areas, too. One of those areas is third-party applications and components.
“While it’s trying to ensure that its operating system is secure, it still depends on Flash, Java and other pieces of software. At the end of the day, the security of the system is going to depend on all the pieces, not just what Microsoft ships,” Malwarebytes’ Segura observed.
“You can have an OS that’s safe, but if you have an outdated Flash plug-in, you can still get infected,” he pointed out.
Attackers also deliver malware through booby-trapped Microsoft Office documents, typically by way of embedded macros. "Microsoft needs to tighten up legacy code like macros — either disable it or sandbox it," Segura said.
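For an administrator who wants to act on that advice today, the following PowerShell script, added here and not part of the original article, audits the macro security setting for Word, Excel and PowerPoint and optionally enforces a stricter policy. It assumes Office 2016 (registry version "16.0"); the VBAWarnings value and the blockcontentexecutionfrominternet policy value are the documented Office settings, while the script's own function and parameter names are invented for this example. The weak setting (1, enable all macros) and the Office default (2, disable with a notification the user can click through) are shown beside the hardened policy (3, disable all except digitally signed macros, plus blocking macros in files downloaded from the Internet).

```powershell
# Added example (not from the original article): audit and harden Office macro
# settings for the current user. Assumes Office 2016 ("16.0"); pass
# -OfficeVersion '15.0' for Office 2013. Run with -Harden to write the policy.
param(
    [string]$OfficeVersion = '16.0',
    [switch]$Harden
)

$apps = 'Word', 'Excel', 'PowerPoint'

# Meaning of the VBAWarnings DWORD as used by the Office Trust Center.
$meaning = @{
    1 = 'Enable all macros (WEAK: any document can run code)'
    2 = 'Disable with notification (Office default: user can still click Enable Content)'
    3 = 'Disable all except digitally signed macros'
    4 = 'Disable all macros without notification'
}

foreach ($app in $apps) {
    # Per-user Trust Center choice, and the policy key that overrides it.
    $userKey   = "HKCU:\Software\Microsoft\Office\$OfficeVersion\$app\Security"
    $policyKey = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"

    $userValue   = (Get-ItemProperty -Path $userKey   -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
    $policyValue = (Get-ItemProperty -Path $policyKey -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
    $blockInternet = (Get-ItemProperty -Path $policyKey -Name blockcontentexecutionfrominternet -ErrorAction SilentlyContinue).blockcontentexecutionfrominternet

    # Policy wins over the user's choice; an absent value means the Office default (2).
    $effective = if ($null -ne $policyValue) { [int]$policyValue }
                 elseif ($null -ne $userValue) { [int]$userValue }
                 else { 2 }
    $label  = if ($meaning.ContainsKey($effective)) { $meaning[$effective] } else { "unknown value $effective" }
    $status = if ($effective -ge 3 -and $blockInternet -eq 1) { 'OK' } else { 'REVIEW' }

    '{0,-10} VBAWarnings={1} ({2}); blockcontentexecutionfrominternet={3} -> {4}' -f `
        $app, $effective, $label, $blockInternet, $status

    if ($Harden) {
        # Hardened policy: only signed macros may run, and macros in files that
        # carry the Internet zone mark (downloads, mail attachments) are blocked.
        New-Item -Path $policyKey -Force | Out-Null
        Set-ItemProperty -Path $policyKey -Name VBAWarnings -Value 3 -Type DWord
        Set-ItemProperty -Path $policyKey -Name blockcontentexecutionfrominternet -Value 1 -Type DWord
        "{0,-10} hardened: VBAWarnings=3, blockcontentexecutionfrominternet=1" -f $app
    }
}
```

Writing the values under the Policies hive makes them appear as managed settings that the user cannot change from the Trust Center; in a domain, the same values are more sensibly delivered through Group Policy so that a machine which drifts is corrected on the next policy refresh.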