The release of the Windows 8 Consumer Preview a few weeks ago also included the new version of Internet Explorer 10 which, at the moment, is only available to Windows 8 users. The new version of Microsoft's web browser has a number of new and improved features, including some new memory protections that are designed to make finding exploits harder for hackers.
In a new post on the Internet Explorer developer blog, Microsoft's Forbes Higman goes into some detail about IE 10's new memory protections. The blog, as one might expect, is highly technical but still an interesting read. Higman first goes over how hackers could launch an attack on a web browser via a memory-based exploit.
Hackers have to have two things for this kind of exploit to work; one of them is to have some kind of code installed on their intended victim's PC. Higman adds:
The attacker also needs to be able to exploit a vulnerability that allows the flow of code execution to be altered from design, such as a buffer overflow vulnerability. Then they can change the code path to “jump to” the address of the code they want executed.
Memory protection features in a web browser are designed to stop such attacks from taking place. The blog talks about several of these defenses that have been improved for IE 10. One defense that is totally new for IE 10 is called ForceASLR. Higman writes:
ForceASLR is a new loader option used by Internet Explorer 10 to instruct the operating system to randomize the location of all modules loaded by the browser, even if a given module was not compiled with the /DYNAMICBASE flag.
This new technique is installed in Windows 8 but is also available on Windows 7 via a new update. This is to prepare Windows 7 for the eventual release of Internet Explorer 10 for that operating system.