Google Discloses Microsoft Edge Security Feature Bypass
#1
https://www.bleepingcomputer.com/news/se...re-bypass/

By Catalin Cimpanu
February 17, 2018 02:38 PM

Google has gone public with details about a Microsoft Edge vulnerability that attackers could abuse and bypass one of the browser's security features, Arbitrary Code Guard (ACG).

ACG is a relatively new feature added to Edge's security model. Microsoft added support for ACG in Edge in April 2017, with the release of the Windows 10 Creators Update.

ACG was the second of two new features that Microsoft said would prevent attackers from using JavaScript to load malicious code into a computer's memory via Edge. Microsoft described the two new security features in a blog post last year. A summary of ACG and Code Integrity Guard (CIG) is below:

An application can directly load malicious native code into memory by either 1) loading a malicious DLL/EXE from disk or 2) dynamically generating/modifying code in memory. CIG prevents the first method by enabling DLL code signing requirements for Microsoft Edge. This ensures that only properly signed DLLs are allowed to load by a process. ACG then complements this by ensuring that signed code pages are immutable and that new unsigned code pages cannot be created.

Google engineer finds ACG bypass

Ivan Fratric, a security engineer with Google's Project Zero team, has discovered a way to bypass ACG and allow an attacker to load unsigned code in memory, allowing attackers a way into Windows boxes via malicious websites loaded via Edge.

Fratric reported the issue to Microsoft last November, in a private bug report, but the deadline for fixing the bug has passed.

"The fix is more complex than initially anticipated, and it is very likely that we will not be able to meet the February release deadline due to these memory management issues," Microsoft told Fratric.

"The [Microsoft Edge] team IS positive that this will be ready to ship on March 13th," Microsoft added.

Second Edge bug Fratric has discovered

Details about this issue are now public. This is not the first time that Fratric has publicly disclosed a bug in Edge, doing so in February last year.

Fratric is also the author of Domato, a fuzzing tool for discovering security flaws in browser engines.
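The ACG guarantees quoted in the article's summary (signed code pages are immutable, new unsigned code pages cannot be created) can be checked from inside a process that opts in to the mitigation. The following is an added example, not code from the article, Microsoft or Project Zero: the helper name `acg_self_check` and the `ACG_*` constants are illustrative, and on a non-Windows build it only reports that ACG is unsupported.

```c
/* Added example (not from the article): enable ACG for this process, then
 * confirm the OS refuses dynamic code. Windows 10+, build with MSVC. */
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif

enum { ACG_UNSUPPORTED = -1, ACG_NOT_ENFORCED = 0, ACG_ENFORCED = 1 };

/* Hypothetical helper name; returns one of the ACG_* values above. */
int acg_self_check(void)
{
#ifdef _WIN32
    PROCESS_MITIGATION_DYNAMIC_CODE_POLICY pol;
    DWORD old = 0;
    void *rwx, *rw;
    BOOL data_to_code, code_to_data;

    ZeroMemory(&pol, sizeof pol);
    pol.ProhibitDynamicCode = 1;          /* the ACG switch */
    if (!SetProcessMitigationPolicy(ProcessDynamicCodePolicy, &pol, sizeof pol))
        return ACG_UNSUPPORTED;           /* older Windows or policy refused */

    /* "New unsigned code pages cannot be created": both attempts must fail. */
    rwx = VirtualAlloc(NULL, 4096, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    rw = VirtualAlloc(NULL, 4096, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    data_to_code = rw && VirtualProtect(rw, 4096, PAGE_EXECUTE_READ, &old);

    /* "Signed code pages are immutable": image code must stay non-writable. */
    code_to_data = VirtualProtect((void *)acg_self_check, 1,
                                  PAGE_EXECUTE_READWRITE, &old);

    if (rw) VirtualFree(rw, 0, MEM_RELEASE);
    if (rwx) VirtualFree(rwx, 0, MEM_RELEASE);
    return (!rwx && !data_to_code && !code_to_data) ? ACG_ENFORCED
                                                    : ACG_NOT_ENFORCED;
#else
    return ACG_UNSUPPORTED;               /* ACG is a Windows-only mitigation */
#endif
}

int main(void)
{
    int r = acg_self_check();
    printf("ACG: %s\n", r == ACG_ENFORCED ? "enforced" :
                        r == ACG_NOT_ENFORCED ? "NOT enforced" : "unsupported here");
    return r == ACG_NOT_ENFORCED;         /* non-zero exit if the check failed */
}
```

Once `ProhibitDynamicCode` is set, any component in the process that generates code at run time will fail in the same way, so a self-check like this belongs in a test build before the policy is enabled in production.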