• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

Sign in to follow this  

Windows 10 security: 'So good, it can block zero-days without being patched'

Recommended Posts

Mockingbird    2,534
Quote

Microsoft researchers have found that two zero-day exploits it patched against in November wouldn't have worked on systems running the Windows 10 Anniversary Update anyway.

 

The firm has been testing how well its latest in-built Windows 10 and Edge exploit-mitigation features such as AppContainer sandboxing and stronger validation, which shipped with the Anniversary Update in August, can block commonly used techniques.

 

Microsoft's Windows Defender security team tested the Anniversary Update against CVE-2016-7255, a zero-day flaw used by the Fancy Bear hackers targeting US organizations in October, and CVE-2016-7256, which was used against South Korean targets. Both kernel-level exploits resulted in elevation of privileges and were patched in November.

 

While systems running older versions of Windows would have been compromised, systems on the Anniversary Update would have been protected, according to Microsoft's analysis.

"We saw how exploit-mitigation techniques in Windows 10 Anniversary Update, which was released months before these zero-day attacks, managed to neutralize not only the specific exploits but also their exploit methods," Microsoft's Windows Defender ATP Research Team write.

 

"As a result, these mitigation techniques are significantly reducing attack surfaces that would have been available to future zero-day exploits."

 

As they noted, fixing a single vulnerability helps neutralize a specific bug. However, boosting exploit mitigation can take out attack techniques used across multiple exploits.

 

"Such mitigation techniques can break exploit methods, providing a medium-term tactical benefit, or close entire classes of vulnerabilities for long-term strategic impact," the Defender team wrote.

 

[...]

http://www.zdnet.com/article/windows-10-security-so-good-it-can-block-zero-days-without-being-patched/

Share this post


Link to post
Share on other sites
br0adband    448

More like:

 

"Microsoft Windows 10 - Our Marketing Is So Good You'll Believe The Crap We're Spewing" or words to that effect.

 

You can't really protect against a zero-day exploit - if Microsoft doesn't comprehend this well, that's their problem but it'll bleed down to consumers fast when it actually does happen.

 

And it will, guaranteed.

Share this post


Link to post
Share on other sites
Mockingbird    2,534
3 minutes ago, br0adband said:

More like:

 

"Microsoft Windows 10 - Our Marketing Is So Good You'll Believe The Crap We're Spewing" or words to that effect.

 

You can't really protect against a zero-day exploit - if Microsoft doesn't comprehend this well, that's their problem but it'll bleed down to consumers fast when it actually does happen.

 

And it will, guaranteed.

It's time for you to move on from Windows XP.

  • Like 2

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.