Skip to comments.Windows 10 Anniversary Update crushed exploits without need of patches (Good news about Win10!)
Posted on 01/17/2017 9:11:01 PM PST by dayglored
Microsoft security boffins throw fresh CVEs at unpatched OS, emerge smiling
Microsoft says its Windows 10 Anniversary Update squashes more exploit delivery chains than ever.
The August updates brought in a series of operating system security improvements including boosts to Windows Defender and use of AppContainer, designed to raise the difficulty of having zero day exploits execute on patched systems.
Redmond's security team tested its exploit mitigations against two kernel-level then zero-day exploits (CVE-2016-7255, CVE-2016-7256) used by active hacking groups that offer privilege escalation.
They find, in a technical analysis designed to stress test the resilience of Windows 10, that the bugs were neutered on Anniversary Update machines even before it issued the respective November patch thanks to the exploit mitigation controls.
"Because it takes time to hunt for vulnerabilities and it is virtually impossible to find all of them, such security enhancements can be critical in preventing attacks based on zero-day exploits," the team says.
"While fixing a single-point vulnerability helps neutralize a specific bug, Microsoft security teams continue to look into opportunities to introduce more and more mitigation techniques.
"Such mitigation techniques can break exploit methods, providing a medium-term tactical benefit, or close entire classes of vulnerabilities for long-term strategic impact."
The team points to the benefits of easy and complex mitigations including simple changes against RW primitives that trigger harmless blue screens of death errors.
Pushing font-parsing code to isolated containers under improvements to AppContainer and additional validation for font file parsing significantly reduced the ability to use font bugs for privilege escalation, the team says.
That shut the door on one South Korean hacking group which used CVE-2016-7256 in small but targeted attacks in the nation.
"Windows 10 Anniversary Update introduced many other mitigation techniques in core Windows components and the Microsoft Edge browser, helping protect customers from entire classes of exploits for very recent and even undisclosed vulnerabilities," the team says.
The updates follow Microsoft's decision to delay the axing of the lauded enhanced mitigation toolkit to 31 July next year.
That move sparked the ire of Carnegie Mellon University CERT boffin Will Dormann who says the toolkit significantly improved the exploit mitigation chops of Windows 10 and should be maintained, not dropped.
[more at the article link]
I’ve had many versions of windows over the years starting with win 3.1
Windows 10 is the best so far and I, for one, have been very happy with it.
Me,too. The syncing across devices comes in handy.
If it weren’t for the crapware that comes installed and keeps getting installed, I’d probably like it a lot more.
I have windows 10 enterprise 2015 LTSB 64 bit
I have no idea what “crapware” you’re talking about. I don’t seem to have any and don’t seem to be getting any.
I’ve been using it for quite some time now and it’s been working great. I have a game worthy sys with two high end graphic cards installed and lots of RAM, so maybe that helps.
Won’t work for me! Won’t open any web pages. Says it “can’t get there from here!”
It can’t make up it’s mind if I am in Denmark or the USA.
Wiped out my DVD player, had to download another.
I had to download Mozilla Firefox on another computer, put it on a thumb drive and install it on my Win 10 laptop to get access to web pages.
Yeah that's the ticket Mr. Bull! That's why Microsoft had to try and repeatedly trick people into accepting it! I've been using Microsoft products since MS DOS 2.0 and my opinion is that Windows 10 sucks big time.
We were forced to install Never 10 on all of our Windows 7 computers to keep them from taking the update to Windows 10. Microsoft made it basically impossible to not update without doing this. We have one newer computer with Windows 10 and we did a clean install on a new hard drive for our primary laptop which is now sitting in a drawer somewhere. So we have had plenty of experience with Windows 10. Much of it against our wishes.
It may be OK for people who do not get into the nuts and bolts of a computer operating system and have brand new equipment. Personally I cannot stand Windows 10 after it has caused us numerous headaches. Microsoft has never taken a bigger step backward.
Thanks for the insults asswipe. I’ll remember that.
Do a search on windows 10 with words like: won’t, sucks, crap, stinks, is so slow, update problems and it’s obvious People hate it.
What’s worse is when trying to Resolve its issues, most relevant advice and help is not from MicroSoft but outside users who’ve found ways to get around what MS doesn’t seem to be able to do.
Oh, but you can just call MS support and get help (haha) or use Cortona the wonderful nothing.
I thought this version was for Enterprise users not home users.
oh great- only star trec cast are allowed to use it?
Personally I would be embarrassed to admit that I didn't know how to drive, or diaper a baby, or do sums at the supermarket in my head... or RTFM. But a small and determined minority are determined to mark the territory of klutz's as theirs. Well, they found their safe space, good for them, I merely wish they would be quiet instead of being proud of their ignorance. You see them on every Windows 10 thread. I don't recall the outrage at earlier versions. Maybe they are upset at being forced to leave the old technology behind as it is incompatible with the new. I'd like to help them, I have a few boxes of 5 1/4 inch floppies around, I can't use them, but I don't whine about it either.
Actually only some people. These people have their pictures posted under "Luddites" in Wikipedia. Look for it, your picture must be there.
I liked Win7 a lot. I think I like Win10 more. Wife’s the opposite.
Don’t quit your day job. :0)
I got my copy from my son who is an IT professional, free of charge for me.
Fireman felt the need to insult me and imply that I’m a rookie compared to his vast knowledge, hahahaha. Kind of cracked me up because I’ve owned personal computers for 40 years or so now. Used them on my jobs too for over 30 years as a machinist.
My first personal, hobby computer was a TRS-80 back in the 70s. I went all through the Commodore 64 years and learned to program in basic fairly good on those. I was very early into DOS and the very first windows machines. Have always kept upgraded and stayed ‘cutting edge’ so to speak.
Fireman implied that I don’t know what I’m doing when he’s the one who has a laptop sitting in a drawer that he doesn’t know what to do with. I’m laughing right now just thinking about that.
I’m very happy with win 10 and It’s an improvement even over Win 7 which I also loved.
Microsoft keeps us on the foreskin of technology.
Windows 7 was really good, it was the last of the DOS machines, the ones with legacy code. So smooth and lovely. I tweaked mine over the course of time until it opened and closed so fast.
Then upgraded to 10, and it beat my go-fast machine out of the box. Never looked back. The secret seems to be a clean install, but nobody want to back up. Now with GDrive and DropBox, there is no excuse not to do a clean install, just synch your data and do it clean. I've had a little trouble with two upgrades.... most went well, but, clean is better. Those bitter clingers not willing to let go of their Lotus Notes and such, well, the Model A was a good car but no one drives on cross country. YouTube has so many videos of how to install Win10, there is no excuse not to, now you don't even have to hire someone to do it.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.