With the Windows 10 Creators Update, Microsoft has put considerable effort into making the Edge browser more productive and reliable, as well as harder to break into from a security standpoint. Not everyone is a hacker, and most people do not care about the security technologies and the underlying architecture when browsing the web; all they are concerned about is that a website loads properly and feels good.
But security still holds its place and has become one of the top priorities for organizations around the globe, which are leveraging tools to tackle people known for exploiting vulnerabilities on a daily basis.
With the Windows 10 Creators Update, Microsoft Edge tries to remedy one of the most popular ways an attacker breaks into code and obtains Remote Code Execution (RCE). Microsoft Edge leverages technologies such as Code Integrity Guard (CIG) and Arbitrary Code Guard (ACG) to break the techniques that hackers rely on when exploiting vulnerabilities to achieve RCE.
What is Remote Code Execution (RCE)?
This is where the attacker seeks to escape from web code (JS and HTML) in the browser to run native CPU code of the attacker’s choosing. This lets the attacker violate all of the browser’s rules for the web, such as same-origin policy, and so it is important to web users that we try as hard as possible to block RCE attacks.
However, despite the best efforts, attackers sometimes get RCE anyway, which is why Microsoft is introducing an improved Microsoft Edge sandbox.
Microsoft Edge does not support ActiveX, so it is able to run entirely inside app container sandboxes at all times. Since the beginning, Microsoft Edge has used several app containers. At first there was a parent app container for the Manager, which created a small number of additional app containers to host content from the internet separately from intranet content. The Windows 10 Anniversary Update moved Flash into its own, separate app container (AC). Today the Microsoft Edge app container model looks like this:
The Manager provides browser features such as the URL bar, the back button, tabs, and your favorites list. The other app containers are:
- Internet AC: hosts content from Internet sites.
- Intranet AC: hosts content from Intranet sites. For enterprise users, that is enterprise web sites. For consumers, that is “web sites” that are control interfaces for devices on your home network, such as your Wi-Fi router, or IoT devices. Separating this AC from the Internet AC, for example, protects your home Wi-Fi router from Internet attackers.
- Extensions AC: hosts the new extensions for Microsoft Edge.
- Flash AC: hosts the Adobe Flash player, to isolate it from the main content processes.
- Service UI AC: hosts special web pages, such as about:flags, and the default home page.
The Internet AC is where the action is. Its job is to host web pages from anywhere, including the JS code provided by that web page, images, and multimedia. Hosting web pages is extremely complex, due to the richness of the modern web; this is the platform of the Internet, and developers need to be able to create any application and run it in this environment. Because it is complex, and hosts web pages from anywhere, this is where web security attacks begin. A malicious web site presents content intended to exploit bugs in the content hosting system, to take over control of the content process.
If an attacker gains control of an Internet AC process, they need to find some way to achieve their goals. If their goals involve compromising the user’s device or personal data stored on the device, then they’ll need to contend with escaping from the sandbox first.
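A defender's check for the protections described above, as an added example that is not part of the original article or of Microsoft's own tooling: it queries each running Edge content process for its AppContainer token flag and for the ACG and CIG mitigation policies through the Win32 API. It assumes a Windows 10 Creators Update or later host and that the content processes are named MicrosoftEdgeCP.exe (an assumption; adjust -ProcessName for your build).

```powershell
# Added example (not from the article): report, for each running Edge content
# process, whether it runs in an AppContainer and whether ACG and CIG are enforced.
# Assumption: the content processes are named MicrosoftEdgeCP.exe.
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class Native {
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool GetProcessMitigationPolicy(IntPtr hProcess, int policy, out uint buffer, IntPtr length);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool OpenProcessToken(IntPtr hProcess, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool GetTokenInformation(IntPtr token, int cls, out uint info, int length, out int returned);
    [DllImport("kernel32.dll")]
    public static extern bool CloseHandle(IntPtr h);
}
"@

function Get-EdgeSandboxState {
    param([string]$ProcessName = 'MicrosoftEdgeCP')
    $PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
    $TOKEN_QUERY = 0x0008
    $ProcessDynamicCodePolicy = 2   # PROCESS_MITIGATION_POLICY enum value
    $ProcessSignaturePolicy   = 8   # PROCESS_MITIGATION_POLICY enum value
    $TokenIsAppContainer      = 29  # TOKEN_INFORMATION_CLASS enum value
    foreach ($p in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
        $h = [Native]::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, $p.Id)
        if ($h -eq [IntPtr]::Zero) { continue }   # not enough rights to inspect this one
        $dyn = [uint32]0; $sig = [uint32]0; $ac = [uint32]0; $tok = [IntPtr]::Zero; $len = 0
        # ACG: ProhibitDynamicCode is bit 0 of PROCESS_MITIGATION_DYNAMIC_CODE_POLICY
        [void][Native]::GetProcessMitigationPolicy($h, $ProcessDynamicCodePolicy, [ref]$dyn, [IntPtr]4)
        # CIG: MicrosoftSignedOnly is bit 0 of PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY
        [void][Native]::GetProcessMitigationPolicy($h, $ProcessSignaturePolicy, [ref]$sig, [IntPtr]4)
        if ([Native]::OpenProcessToken($h, $TOKEN_QUERY, [ref]$tok)) {
            # TokenIsAppContainer yields a non-zero DWORD for AppContainer processes
            [void][Native]::GetTokenInformation($tok, $TokenIsAppContainer, [ref]$ac, 4, [ref]$len)
            [void][Native]::CloseHandle($tok)
        }
        [void][Native]::CloseHandle($h)
        [pscustomobject]@{
            ProcessId      = $p.Id
            IsAppContainer = ($ac -ne 0)
            ACG            = (($dyn -band 1) -ne 0)
            CIG            = (($sig -band 1) -ne 0)
        }
    }
}

Get-EdgeSandboxState | Format-Table -AutoSize
```

A content process that reports IsAppContainer, ACG and CIG all as True has the three protections the article describes; a False in any column is worth investigating, since it means that process is running with less than the intended sandboxing.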