Control Flow Guard Improvements in Windows 10 Anniversary Update
Diposting : Senin, 28 Nov 2016

"Control Flow Guard (CFG) is an exploit mitigation feature that
Microsoft introduced in Windows 10 and Windows 8.1 Update 3 that makes
it significantly harder for exploits to run code on systems running
these operating systems. This year’s major Windows 10 update (called the
Anniversary Update) introduced improvements to CFG.
...
No mitigation method is perfect—researchers have found multiple ways to
bypass CFG since its initial release in November 2014—but mitigations
are designed to reduce the effectivity of these attacks against CFG.

The Anniversary Update improved CFG mitigation in three aspects:

Gaps in CFG coverage were addressed. Many sensitive functions were
previously marked as “CFG valid” and could be used to bypass the exploit
mitigation. The Anniversary Update made these functions “CFG not valid”.

Switched to CFG “dispatch mode” on 64-bit systems by default.

Hardened longjmp. An attacker can use setjmp/longjmp to access stack
information and overwrite the return address to bypass CFG. The
Anniversary Update includes additional checks to resolve the issue."

Sumber : http://blog.trendmicro.com/trendlabs-security-intelligence/control-flow-guard-improvements-windows-10-anniversary-update/


Disclaimer | Copyright © 2013 - Id-SIRTII/CC
Id-SIRTII/CC - Indonesia Security Incident Response Team on Internet Infrastructure/Coordination Center
Menara Ravindo Lt. 17, Jl. Kebon Sirih No. 75 Jakarta Pusat, 10340, Indonesia
Member of: