Problem
us-16-Weston-Windows-10-Mitigation-Improvements
// 1. Allocate object
p = new COptionElement();
// 2. Free object
delete p;
// Attacker reallocates p as a new type
// 3. Use freed object
p->Foo();

// 2. Zero object, but don’t free
ZeroMemory(p, sizeof(T));
// 3. Garbage collection phase frees all objects with no references (stack, registers, heap)

Tactic: Eliminate entire classes of vulnerabilities
Applies to: Edge on Windows 10 and backported to IE9+ on Windows Vista+
First shipped: July, 2015 (Windows 10 RTM)

Tactic: Eliminate entire classes of vulnerabilities
Applies to: Edge and IE11 on Windows 10 and backported to IE10+ on Windows 7+
First shipped: July, 2015 (Windows 10 RTM)