Windows 10 Anniversary Update protected users against pre-patched exploits

Matt Oh and Elia Florio of the Windows Defender ATP Research Team said on Friday that Windows 10 Anniversary Update not only neutralized zero-day kernel exploits used by two recent attack campaigns, but revealed how they were used. The exploits were based on the CVE-2016-7255 and CVE-2016-7256 vulnerabilities, which were patched in November. The thwarted exploits are just two examples of the work Microsoft put into Anniversary Update to reduce the number of attack avenues hackers can take through vulnerabilities.

“By delivering these [exploit] mitigation techniques, we are increasing the cost of exploit development, forcing attackers to find ways around new defense layers,” they said. “Even the simple tactical mitigation against popular read-write primitives forces the exploit authors to spend more time and resources in finding new attack routes.”

The first attack campaign began in June by “unidentified actors” using “Hankray” against targets located in South Korea. The campaign consisted of low-level attacks and was followed up by a second campaign in November using Hankray as well. This second wave took advantage of a flaw in the Windows font library, aka CVE-2016-7256, that enabled hackers to elevate a PC’s account privileges and install the Hankray backdoor.

“The font samples found on affected computers were specifically manipulated with hardcoded addresses and data to reflect actual kernel memory layouts,” they said in Friday’s report. “This indicates the likelihood that a secondary tool dynamically generated the exploit code at the time of infiltration.”

With Windows 10 Anniversary Update, font exploits are mitigated by AppContainer: font parsing is moved out of the kernel and into an isolated, sandboxed process, so a successful exploit of the parser does not run with kernel privileges and cannot by itself escalate the attacker's privileges on the PC. According to the duo, this walled-in space “significantly” reduces the chances of using font parsing as an angle of attack.

“Windows 10 Anniversary Update also includes additional validation for font file parsing. In our tests, the specific exploit code for CVE-2016-7256 simply fails these checks and is unable to reach vulnerable code,” they added.

The second attack was a spear-phishing campaign in October. Launched by the Strontium attack group, the attack used an exploit for the CVE-2016-7255 vulnerability along with the CVE-2016-7855 vulnerability in Adobe Flash Player. The group targeted non-government organizations and think tanks in the United States. Essentially, the group used the Flash security hole to gain initial code execution, then used the win32k.sys vulnerability to elevate privileges on the targeted PCs.

However, Anniversary Update includes security techniques that defend against the Win32k exploit along with other exploits. More specifically, Anniversary Update prevents attackers from corrupting the tagWND.strName kernel structure and then using SetWindowTextW to write arbitrary content into kernel memory. This prevention is achieved by performing additional checks on the base and length fields of strName to verify that the virtual address range they describe is legitimate, so that a corrupted structure cannot be turned into a read-write primitive.
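A defender-side model of that base/length validation, written here as an added illustration and not Microsoft's kernel code; the structure layout, the desktop-heap stand-in and the function names are assumptions:

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

/* Hypothetical model (not Microsoft's code) of the tagWND.strName field:
 * a UNICODE_STRING-like triple of used length, allocated length and buffer base. */
typedef struct {
    uint16_t  length;      /* bytes in use */
    uint16_t  max_length;  /* bytes allocated */
    uintptr_t base;        /* virtual address of the name buffer */
} wnd_name_t;
typedef struct { uintptr_t start, end; } heap_range_t;  /* end is exclusive */
static uint16_t g_desktop_heap[256];  /* constructed stand-in for the desktop heap */

static heap_range_t desktop_heap_range(void) {
    heap_range_t r = { (uintptr_t)g_desktop_heap,
                       (uintptr_t)g_desktop_heap + sizeof g_desktop_heap };
    return r;
}

/* The mitigation idea: accept strName only if [base, base+max_length) lies
 * wholly inside the heap that owns window names, with no arithmetic overflow.
 * A strName whose base was redirected at arbitrary kernel memory fails here. */
bool strname_is_valid(const wnd_name_t *n, const heap_range_t *heap) {
    if (n->base < heap->start || n->base >= heap->end) return false;
    if (n->max_length > heap->end - n->base) return false;   /* overflow-safe */
    return n->length <= n->max_length;
}

/* Guarded equivalent of the SetWindowTextW path: validate, then copy. */
bool set_window_text_checked(wnd_name_t *n, const uint16_t *text, size_t text_bytes) {
    heap_range_t heap = desktop_heap_range();
    if (!strname_is_valid(n, &heap) || text_bytes > n->max_length) return false;
    memcpy((void *)n->base, text, text_bytes);
    n->length = (uint16_t)text_bytes;
    return true;
}

/* Demo: a legitimate name is written; a corrupted one aimed outside the heap is
 * refused and its target stays untouched. Returns 1 on the expected outcome. */
int demo_corrupted_strname_rejected(void) {
    static uint64_t outside = 0;   /* stands in for an arbitrary kernel address */
    wnd_name_t good = { 0, 32, (uintptr_t)&g_desktop_heap[8] };
    wnd_name_t bad  = { 0, 8,  (uintptr_t)&outside };
    const uint16_t text[] = { 'h', 'i' };
    bool ok  = set_window_text_checked(&good, text, sizeof text);
    bool rej = !set_window_text_checked(&bad, text, sizeof text);
    return ok && rej && outside == 0 && g_desktop_heap[8] == 'h';
}
```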

Microsoft provides a document about the added security measures crammed into Windows 10 Anniversary Update as a PDF here. As always, Windows Defender is built into the Windows platform as a free service, automatically protecting customers against the latest threats. Microsoft also offers the Windows Defender Advanced Threat Protection subscription service for the enterprise, providing a “post-breach” layer of protection.
