Windows 10 version 1511 ships an updated version of Microsoft Edge that adds protection against DLL-based injection attacks, improving the security of the web browser and your PC.
This technology builds on the security controls built into the initial shipping version of Microsoft Edge in Windows 10, which eliminated ActiveX and Browser Helper Objects, helping to protect your PC against certain forms of binary injection attacks. This, Microsoft says, “made browsing in Windows faster, more secure, and more stable than ever, while paving the way for better interoperability with other browsers and modern extension models.”
With Windows 10 1511, Edge protects your PC against another form of binary injection attack by preventing the loading of unauthorized DLLs into Microsoft Edge content processes.
The DLL, or dynamic link library, is a file type that dates back to the beginnings of Windows, and it was originally invented to help lower OS memory usage and enable code sharing.
So what does this have to do with Edge?
The trouble with web browsers is that they’re the entry point to your PC from the Internet. Technologies like ActiveX and browser extensions let your browser run code that sits out on the Internet, and hackers have obviously worked to exploit them to inject malicious code onto users’ PCs.
Less obviously, hackers have more recently begun seeking other ways to fund their efforts, and there are browser injection attacks that silently change or even add advertisements and unwanted toolbars into your web browsing experience, “redirecting that cash flow,” as Microsoft says. This is why the Lenovo Superfish episode was so insidious: The world’s biggest PC maker was actually using hacker techniques to redirect advertising in the guise of providing a better experience for users. (That said, Lenovo was being dumb, not malicious.)
This won’t work in Microsoft Edge, however.
“Microsoft Edge defends the user’s browsing experience by blocking injection of DLLs into the browser unless they are Windows components or signed device drivers,” the Microsoft Edge team explains in a new post to its corporate blog. “DLLs that are either Microsoft-signed, or WHQL-signed, will be allowed to load, and all others will be blocked. ‘Microsoft-signed’ allows for Edge components, Windows components, and other Microsoft-supplied features to be loaded. WHQL (Windows Hardware Quality Lab) signed DLLs are device drivers for things like the webcam, some of which need to run in-process in Edge to work. For ordinary use, users should not notice any difference in Microsoft Edge.”
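To see how that rule sorts real modules, the following PowerShell audit (an added example, not code from Microsoft or from the original article) lists the DLLs loaded in a process and groups them by signer. It assumes the Edge content processes are named `MicrosoftEdgeCP`, and it approximates the policy by matching the signer certificate's subject, which is not how Windows itself enforces the check; the function names are hypothetical.

```powershell
# Classify one file by its Authenticode signer.
# Assumption: subject-string matching stands in for the signing-level
# check that Windows performs when it enforces the policy.
function Get-SignerClass {
    param([Parameter(Mandatory)][string]$Path)

    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid' -or -not $sig.SignerCertificate) {
        return 'Unsigned or invalid'
    }
    $subject = $sig.SignerCertificate.Subject
    # WHQL-signed drivers carry this Microsoft publisher name.
    if ($subject -match 'CN=Microsoft Windows Hardware Compatibility Publisher') {
        return 'WHQL-signed'
    }
    if ($subject -match 'O=Microsoft Corporation') {
        return 'Microsoft-signed'
    }
    return 'Other signer'
}

# List every distinct module loaded in the named processes with its class.
# Assumption: 'MicrosoftEdgeCP' is the content process name (not from the article).
function Get-ProcessModuleSigners {
    param([string]$ProcessName = 'MicrosoftEdgeCP')

    $modules = foreach ($proc in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
        try { $proc.Modules } catch { Write-Warning "Cannot read modules of PID $($proc.Id): $_" }
    }
    $modules |
        Where-Object { $_.FileName } |
        Sort-Object FileName -Unique |
        ForEach-Object {
            [pscustomobject]@{
                Module      = $_.FileName
                SignerClass = Get-SignerClass -Path $_.FileName
            }
        }
}

# Show only modules that fall outside the two allowed classes.
Get-ProcessModuleSigners |
    Where-Object SignerClass -notin 'Microsoft-signed', 'WHQL-signed'
```

Run against a process that enforces the policy, the final filter should return nothing; pointing `-ProcessName` at a process without the policy shows which injected or third-party DLLs the rule would have refused.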
As you might imagine, this type of protection is important because Microsoft will soon enable Edge’s extensibility capabilities, meaning that the browser will finally begin supporting Chrome-style extensions. This is exciting for users—you can install your favorite ad blockers and other extensions—but opens the browser to potential attacks.
And as Microsoft notes, there’s more work to be done, regardless.
“Requiring DLLs to be signed is not a silver bullet—there’s no such thing in browser security,” the firm explains. But “it adds substantially to the sophistication and expense required to attempt to target Microsoft Edge users. We continue to investigate further ways to thwart code injection into Microsoft Edge.”