Guide to Tweak of built-in Exploit protection in Windows Security
<blockquote data-quote="Andy Ful" data-source="post: 871246" data-attributes="member: 32260"><p>Code Integrity Guard is already implemented in Edge (native and Chromium). It can be disabled via Windows Policies:</p><p></p><p>"<span style="font-size: 15px"><strong><em>RendererCodeIntegrityEnabled</em></strong></span></p><p></p><p><em><strong>Enable renderer code integrity</strong></em></p><p><em><strong></strong></em></p><p><em><strong>Supported versions:</strong></em></p><ul> <li data-xf-list-type="ul"><em>On Windows since 78 or later</em></li> </ul><p><em><strong>Description</strong></em></p><p><em>If this policy is enabled or left unset, then Renderer Code Integrity is enabled. This policy should only be disabled if compatibility issues are encountered with third party software that must run inside Microsoft Edge's renderer processes.</em></p><p><em></em></p><p><em>Disabling this policy has a detrimental effect on Microsoft Edge's security and stability because unknown and potentially hostile code will be allowed to load inside Microsoft Edge's renderer processes.</em>"</p><p>[URL unfurl="true"]https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#renderercodeintegrityenabled[/URL]</p><p></p><p>See also point 24 in the article below:</p><p>[URL unfurl="true"]https://www.sentinelone.com/blog/32-security-reasons-to-move-to-windows-10/[/URL]</p><p></p><p>This mitigation conflicted for some time with Symantec antivirus:</p><p>[URL unfurl="true"]https://techcommunity.microsoft.com/t5/enterprise/edge-beta-broken-since-latest-windows-10-1803-microsoft-edge/m-p/888359[/URL]</p><p></p><p>It is an important mitigation in Edge:</p><p></p><p>"<span style="font-size: 15px"><strong><em>Wrapping up the renderer exploit</em></strong></span></p><p></p><p><em>Getting code execution in Microsoft Edge renderer is a bit more involved in contrast to other browsers since Microsoft Edge browser employs mitigations known as <a 
href="https://blogs.windows.com/msedgedev/2017/02/23/mitigating-arbitrary-native-code-execution/" target="_blank">Arbitrary Code Guard (ACG) and Code Integrity Guard (CIG)</a>. Nevertheless, there is a way to bypass ACG. Having an arbitrary read-write primitive it is possible to find the stack address, setup a fake stack frame and divert code execution to the function of choice by overwriting the return address. This method was chosen to execute the sandbox escape payload.</em>"</p><p>[URL unfurl="true"]https://blog.exodusintel.com/2019/05/19/pwn2own-2019-microsoft-edge-renderer-exploitation-cve-2019-9999-part-1/[/URL]</p></blockquote><p></p>
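<p>A read-only audit of the policy quoted above, as an added example that is not part of the original post or of Microsoft's documentation. It assumes the standard Edge policy registry location (<code>SOFTWARE\Policies\Microsoft\Edge</code>, a DWORD named after the policy); the function name <code>Get-RendererCodeIntegrityPolicy</code> is hypothetical.</p>

```powershell
# Added example: report whether the Edge RendererCodeIntegrityEnabled policy
# has been set, and flag any hive where it has been switched off.
# Assumption: Edge group policies are stored as registry values under
# SOFTWARE\Policies\Microsoft\Edge in the machine (HKLM) and user (HKCU) hives.
$valueName  = 'RendererCodeIntegrityEnabled'
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge',
    'HKCU:\SOFTWARE\Policies\Microsoft\Edge'
)

function Get-RendererCodeIntegrityPolicy {
    param(
        [string[]]$Keys,
        [string]$Name
    )
    foreach ($key in $Keys) {
        # Returns nothing when the key or the value does not exist.
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            # Unset means the mitigation stays on, per the policy description.
            [pscustomobject]@{ Key = $key; Value = $null; State = 'Not configured (enabled by default)' }
        }
        elseif ($item.$Name -eq 0) {
            [pscustomobject]@{ Key = $key; Value = 0; State = 'DISABLED by policy' }
        }
        else {
            [pscustomobject]@{ Key = $key; Value = $item.$Name; State = 'Enabled by policy' }
        }
    }
}

$results = Get-RendererCodeIntegrityPolicy -Keys $policyKeys -Name $valueName
$results | Format-Table -AutoSize

# A value of 0 lets unsigned modules load into renderer processes, so it
# should exist only where a documented third-party compatibility issue requires it.
$disabled = $results | Where-Object { $_.Value -eq 0 }
if ($disabled) {
    Write-Warning ("Renderer Code Integrity is disabled in: " + ($disabled.Key -join ', '))
}
else {
    Write-Output 'Renderer Code Integrity is not disabled by policy.'
}
```

<p>The script only reads the registry; an unexpected <code>0</code> is worth tracing back to the software or GPO that set it.</p>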