Microsoft has said Windows 10 security measures are so strong that they can block zero-day vulnerabilities without even being patched. Well, that’s something…
Researchers at the Redmond tech giant have found that two zero-day exploits it patched in November would not have worked on Windows 10 machines running the Anniversary Update. The company is taking extra steps this year to earn user trust with better privacy and security tools.
For the past few months, Microsoft has been testing the security features of Windows 10 and its Edge browser. Mitigation techniques, such as AppContainer sandboxing, were shipped with the Anniversary Update in August. These features can “stop exploits of newly discovered and even undisclosed vulnerabilities,” the company has said.
Microsoft’s Windows Defender team used two known exploits to test the security of the Windows 10 Anniversary Update. The first was CVE-2016-7255, a zero-day flaw used by the Fancy Bear hackers (aka STRONTIUM) in phishing campaigns against US organizations back in October last year. The second was CVE-2016-7256, which was used against targets in South Korea in November.
Both were kernel-level exploits that resulted in privilege elevation. The company shipped patches for them in November 2016. However, Microsoft says systems running the Anniversary Update would not have been compromised even without those patches.
“We saw how exploit mitigation techniques in Windows 10 Anniversary Update, which was released months before these zero-day attacks, managed to neutralize not only the specific exploits but also their exploit methods. As a result, these mitigation techniques are significantly reducing attack surfaces that would have been available to future zero-day exploits.”
Microsoft’s Windows Defender ATP Research team added that, with these new mitigation techniques, the company is also raising the cost of exploit development, forcing attackers to find new ways around the added defense layers. “Even the simple tactical mitigation against popular RW primitives forces the exploit authors to spend more time and resources in finding new attack routes,” the team wrote.
Instead of focusing on fixes that neutralize a single specific bug, the research team at Microsoft is working to strengthen exploit mitigations that defeat attack techniques shared across multiple exploits, thereby reducing the time the company spends delivering patches and increasing the time attackers must spend on exploit development.
“Such mitigation techniques can break exploit methods, providing a medium-term tactical benefit, or close entire classes of vulnerabilities for long-term strategic impact,” the team added.