
Support For The Edge Browser in Windows 10?


Nesivos


I was wondering about that too. But does Edge even really need it, seeing it's a sandboxed WinRT app and not an unsecure Win32 program?


Exploiting 64-bit Edge is already exceptionally difficult. If an attacker is able to exploit a 64-bit browser with a sandbox and additional 'heap hardening' (To keep things easy) then an attacker would probably also have the skill to bypass MB Anti-Exploit, EMET 5.2 or any other exploit mitigation tool.


MBAE does seem to work with Edge:

 


The type of protection it provides is unknown at the moment. The mbae-test app fails on Windows 10:

 


That seems to be related to the missing msvcr100.dll and not to the actual test app.

 

I should've said that the MBAE does run on Windows. Working is another question...

 

 

 


Exploiting 64-bit Edge is already exceptionally difficult. If an attacker is able to exploit a 64-bit browser with a sandbox and additional 'heap hardening' (To keep things easy) then an attacker would probably also have the skill to bypass MB Anti-Exploit, EMET 5.2 or any other exploit mitigation tool.

 

The 64-bit IE11 with sandbox (Enhanced Protection Mode) had a number of vulnerabilities that are continuously patched by MS. For that matter Chrome, with a lot better sandbox than IE11, had a number of vulnerabilities as well. While I agree that at the current time it's not easy to exploit MS Edge, only time will tell if its security will measure up to Microsoft's, and in some respect your, expectations...


We're investigating Edge to see if/when we add protection for it.

Thank you for the feedback :)


The 64-bit IE11 with sandbox (Enhanced Protection Mode) had a number of vulnerabilities that are continuously patched by MS. For that matter Chrome, with a lot better sandbox than IE11, had a number of vulnerabilities as well. While I agree that at the current time it's not easy to exploit MS Edge, only time will tell if its security will measure up to Microsoft's, and in some respect your, expectations...

Just to note, in my experience over the years it seems to me that if it is MICROSOFT there will always be a dedicated group that seems committed to exploiting this OS and variable components.

Just my opinion. :)


Yes and it remains to be seen about the plugins.

 

A very interesting post today by Trend Micro about the topic:

http://blog.trendmicro.com/trendlabs-security-intelligence/windows-10-sharpens-browser-security-with-microsoft-edge/

The article talked about improved protection against UAF exploits. The problem is that a number of popular exploit kits like Angler now include the capability to deliver obfuscated UAF exploits.


Wow, using GC (Garbage Collection) for malware loading and execution is awesome in a technical sense. I wonder if EMET and/or MBAE can protect against this buffer manipulation. Thanks for the link Nesivos...

 

Disabling or rather removing "features" that are well known attack vectors certainly will make Edge initially more secure than IE. At least initially...


Archived

This topic is now archived and is closed to further replies.
