Internet Explorer 10 memory protections revealed

The release of the Windows 8 Consumer Preview a few weeks ago also included the new version of Internet Explorer 10 which, at the moment, is only available to Windows 8 users. The new version of Microsoft's web browser has a number of new and improved features, including some new memory protections that are designed to make finding exploits harder for hackers.

In a new post on the Internet Explorer developer blog, Microsoft's Forbes Higman goes into some detail about IE 10's new memory protections. The post, as one might expect, is highly technical but still an interesting read. Higman first goes over how hackers could launch an attack on a web browser via a memory-based exploit.

Hackers need two things for this kind of exploit to work; one of them is to have some kind of code installed on their intended victim's PC. Higman adds:

The attacker also needs to be able to exploit a vulnerability that allows the flow of code execution to be altered from design, such as a buffer overflow vulnerability. Then they can change the code path to “jump to” the address of the code they want executed.

Memory protection features in a web browser are designed to stop such attacks from taking place. The blog talks about several of these defenses that have been improved for IE 10. One defense that is totally new for IE 10 is called ForceASLR. Higman writes:

ForceASLR is a new loader option used by Internet Explorer 10 to instruct the operating system to randomize the location of all modules loaded by the browser, even if a given module was not compiled with the /DYNAMICBASE flag.

This new technique is built into Windows 8 but is also available on Windows 7 via a new update. The update prepares Windows 7 for the eventual release of Internet Explorer 10 for that operating system.


19 Comments


Impressive! IE has really turned its notch on security even higher. Only sad thing is there was no need to abandon Vista SP2 customers. IE market share is still falling.

I am not gonna say resistance is futile but where there is a will there will always be a way.

If I was able to fake the location in the browser from which the code was running into thinking it was coming from the believed secure location and in conjunction with polymorphic code then I still believe this can be circumvented.

I was already sold on HW HTML5 HD acceleration of IE10
or was it its INSANE javascript performance?

Maybe it's native Adblocking/Adtracking to the core...

Damn, only version 10?

If IE had the abundance of add ons that Firefox has, I would probably use it.

They do have something a little like that but seems a bit dead. Microsoft not supporting the community enough perhaps.

Do you think even if they did, people would happily make lots of add ons or just ignore them for past history?

I'm actually quite curious about that because it seems silly for MS not to match a competitor's great feature that has proven to be great.

oceanmotion said,
If IE had the abundance of add ons that Firefox has, I would probably use it.

They do have something a little like that but seems a bit dead. Microsoft not supporting the community enough perhaps.

Do you think even if they did, people would happily make lots of add ons or just ignore them for past history?

I'm actually quite curious about that because it seems silly for MS not to match a competitor's great feature that has proven to be great.

Browser extensions and security don't go well together. Many people don't know, but Firefox/Chrome extensions can contain malicious code.

Microsoft is working to improve the security of its desktop OS by sandboxing Metro apps. The idea is that no 3rd party code should be allowed potentially destructive permissions.

If they allow extensions to be built for IE/Metro or IE/desktop on ARM, all their effort on sandboxing apps would be worthless, because users could still be infected by browser extensions that steal their passwords, steal their credit card number, send them to a remote server and display ads everywhere.

So it is a silly idea to ask for a way to get compromised, because you could be sure that malware writers would start building more malicious browser extensions if they were allowed on Windows ARM (as it would be the only way to run malicious software on this platform, since all 3rd party apps are sandboxed).

A year from now, all the "better browsers" will have this feature so they can be "better" than IE, which "needs to die already."

Enron said,
A year from now, all the "better browsers" will have this feature so they can be "better" than IE, which "needs to die already."

I admire Microsoft, and wish them all the best, but today, I can't imagine myself going back to IE, it's annoying with its popup and registration form, browsing is slow compared to FF or Opera. (I can't stand Chrome, used it in 6 or 7 version, and never touched it since.)
No community addons, a must be, for every product in today's market.

Hoped Microsoft will embrace the community more tightly, and vice versa.


Enron said,
A year from now, all the "better browsers" will have this feature so they can be "better" than IE, which "needs to die already."

Yes master, we will make it so immediately. /rolleyes.
Some people like IE, like me, I especially like IE9 and IE10, so stop acting like everyone shares your opinion.

R1pper said,

I admire Microsoft, and wish them all the best, but today, I can't imagine myself going back to IE, it's annoying with its popup and registration form, browsing is slow compared to FF or Opera. (I can't stand Chrome, used it in 6 or 7 version, and never touched it since.)
No community addons, a must be, for every product in today's market.

Hoped Microsoft will embrace the community more tightly, and vice versa.


Just try IE10 on Win8 CP, it's way faster than Firefox, Chrome, or Opera!

And I'm not talking just about hardware accelerated graphic rendering. It is faster even on real world web sites. Navigation is so smooth!

Concerning addons, IE supported them since IE3, but addons/extensions can contain malware and should not be installed by users who actually care about security.

Now that Win8 supports sandboxed apps, it would be crazy to go backward and allow third party code to run within the IE/Metro process! Addons won't be supported on IE/desktop on Win8 ARM either, and that's a good thing!

R1pper said,

No community addons, a must be, for every product in today's market.

Personally I think add-ons should die.

But yes, I admire what Microsoft has been doing as well, especially with the bold moves they made in IE9 and IE10. Pinned sites, hardware acceleration, and with Metro, true full-screen browsing by default, and so on. Brilliant stuff.

warwagon said,
Why did the "We don't want zombies on our lawn " song just pop into my head!?

Because you really have nothing else to do in your life.