From 94b8b323a63742738de2b407e3b248e29b470ea0 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Mon, 23 May 2016 09:31:27 -0700 Subject: [PATCH 1/8] Creating new topic based on several blogs --- .../security-enhancements-microsoft-edge.md | 41 +++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 browsers/edge/security-enhancements-microsoft-edge.md diff --git a/browsers/edge/security-enhancements-microsoft-edge.md b/browsers/edge/security-enhancements-microsoft-edge.md new file mode 100644 index 0000000000..80018fa5f9 --- /dev/null +++ b/browsers/edge/security-enhancements-microsoft-edge.md 
@@ -0,0 +1,41 @@ +--- +description: Microsoft Edge is designed with significant security improvements over existing browsers, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows. +ms.prod: edge +ms.mktglfcycl: explore +ms.sitesec: library +ms.pagetype: security +title: Security enhancements for Microsoft Edge (Microsoft Edge for IT Pros) +--- + +# Security enhancements for Microsoft Edge +Microsoft Edge is designed with significant security improvements over existing browsers, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows. + +## Help to protect against web-based security threats +While the web is predominantly a safe environment, there are some sites that have been designed to steal money and personal information. Thieves by nature don’t care about rules, and will use any means to take advantage of victims, most often using trickery or hacking: + +- **Trickery.** Means using things like “phishing” attacks to convince a person to enter a banking password into a website that looks like the bank, but isn't. + +- **Hacking.** Means attacking a person through malformed content that exploits subtle flaws in a browser, or in various browser extensions, such as video decoders. This exploit lets an attacker run code on a person’s device, taking over first their browsing session, and perhaps ultimately the entire device. + +While trickery and hacking are threats faced by every browser, it’s important that we explore how Microsoft Edge addresses these threats and is helping make the web a safer experience. + +### Windows Hello +Phishing scams gets people to enter passwords into a fake version of a trusted website, such as a bank. Our current attempts to identify legitimate websites through the HTTPS lock symbol and the EV Cert green bar have met with only limited success. 
Attackers are just too competent at faking legitimate experiences for more people to notice the difference. + +To really address this problem, we need to stop people from entering plain-text passwords into websites. So in Windows 10, we gave you [Windows Hello](http://blogs.windows.com/bloggingwindows/2015/03/17/making-windows-10-more-personal-and-more-secure-with-windows-hello/) technology with asymmetric cryptography that authenticates both the person and the website. + +Microsoft Edge is the first browser to natively support Windows Hello as a more personal, seamless, and secure way to authenticate on the web, powered by an early implementation of the [Web Authentication (formerly FIDO 2.0 Web API) specification](http://w3c.github.io/webauthn/). + +### Microsoft SmartScreen +Microsoft SmartScreen, using both Windows 10 and Microsoft Edge, helps to defend against phishing by performing reputation checks on visited sites; blocking any sites that are thought to be phishing sites. SmartScreen also helps to defend against people being tricked into installing malicious [socially-engineered software downloads](http://operationstech.about.com/od/glossary/g/Socially-Engineered-Malware.htm) and against [drive-by attacks](https://blogs.windows.com/msedgedev/2015/12/16/smartscreen-drive-by-improvements/), malicious web attacks that tend to start on trusted websites, targeting security vulnerabilities in commonly used software. + +**Note**
+Both Microsoft Edge and Internet Explorer 11 help to prevent drive-by attacks on Windows 10. + +### Certificate Reputation system +While people trust sites that have encrypted web traffic, that trust can be undermined by malicious sites using improperly obtained or fake certificates to impersonate legitimate sites. +To help address this problem, we introduced the [Certificate Reputation system](http://blogs.msdn.com/b/ie/archive/2014/03/10/certificate-reputation-a-novel-approach-for-protecting-users-from-fraudulent-certificates.aspx) last year. This year, we’ve extended the system to let web developers use the [Bing Webmaster Tools](http://www.bing.com/toolbox/webmaster) to report directly to Microsoft to let us know about fake certificates. + + + + From 162ae23d8471c4877b96b1517af513a96bc67384 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Tue, 24 May 2016 07:36:24 -0700 Subject: [PATCH 2/8] Added text --- .../security-enhancements-microsoft-edge.md | 82 +++++++++++++++++++ 1 file changed, 82 insertions(+) diff --git a/browsers/edge/security-enhancements-microsoft-edge.md b/browsers/edge/security-enhancements-microsoft-edge.md index 80018fa5f9..d3c7bce812 100644 --- a/browsers/edge/security-enhancements-microsoft-edge.md +++ b/browsers/edge/security-enhancements-microsoft-edge.md 
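Review bot: the Certificate Reputation paragraph dates itself relative to the writer rather than the reader ("we introduced ... last year. This year, we've extended ..."), and the linked post's URL (`.../2014/03/10/certificate-reputation-...`) shows the system was announced in March 2014, so "last year" is already wrong for a topic committed in May 2016; replace the relative references with absolute years taken from the source posts, or drop them. Also fix "Phishing scams gets people" to "get", and consider replacing the about.com glossary link for "socially-engineered software downloads" with a Microsoft-owned reference, since third-party glossary links in product documentation tend to rot.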
@@ -36,6 +36,88 @@ Both Microsoft Edge and Internet Explorer 11 help to prevent drive-by attacks on While people trust sites that have encrypted web traffic, that trust can be undermined by malicious sites using improperly obtained or fake certificates to impersonate legitimate sites. To help address this problem, we introduced the [Certificate Reputation system](http://blogs.msdn.com/b/ie/archive/2014/03/10/certificate-reputation-a-novel-approach-for-protecting-users-from-fraudulent-certificates.aspx) last year. This year, we’ve extended the system to let web developers use the [Bing Webmaster Tools](http://www.bing.com/toolbox/webmaster) to report directly to Microsoft to let us know about fake certificates. +### Microsoft EdgeHTML and modern web standards +Microsoft Edge has a new rendering engine, Microsoft EdgeHTML, which is focused on modern standards that let web developers build and maintain a consistent site across all modern browsers. + +The Microsoft EdgeHTML engine also helps to defend against trickery through these new security standards features: + +- Support for the W3C standard and the [Content Security Policy (CSP) specification](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/security/content-Security-Policy). Both of which can help developers defend against cross-site scripting attacks. + +- Support for the [HTTP Strict Transport Security (HSTS)](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/security/HSTS/) security feature (IETF-standard compliant). This helps ensure that connections to important sites, such as to your bank, are always secured. + +- Support for the [Meta referrer](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/security/meta-referrer/) tag, which specifies what info should be passed through the HTTP header to any request sent from a webpage. 
+ +## Help against hacking +While Microsoft Edge has done much to help defend against trickery, it’s also undergone a major overhaul of the DOM representation in the browser’s memory, allowing the code to be more resistant to attacks that attempt to subvert the browser, like in many hacking attempts. + +### Microsoft Edge is now a 64-bit app +The largest security change to Microsoft Edge is that we’ve made it a Universal Windows app. By changing the browser to an app, it fundamentally changes the process model so that both the outer manager process and the assorted content processes all live within app container sandboxes; providing reliable and trustworthy behavior along with additional isolation and protection from outside attacks. + +Additionally, Microsoft Edge has been updated to run in 64-bit not just by default, but anytime it’s running on a 64-bit operating system. Because Microsoft Edge doesn’t support legacy ActiveX controls or 3rd-party binary extensions, there’s no longer a reason to run 32-bit processes. + +#### 64-bit processes and Address Space Layout Randomization (ASLR) +Strengthening Windows Address Space Layout Randomization (ASLR) provides significant advantages to 64-bit processes in general, and browser processes specifically, making it much more difficult for attackers to inject malicious code into a browser process through a coding exploit. + +ASLR randomizes the memory layout of the browser processes, making it much harder for attackers to hit precise memory locations. In turn, 64-bit processes make ASLR much more effective by making the address space exponentially larger and therefore, more difficult for attackers to find the sensitive memory components they’re looking for. 
+ +### All web content runs in an app container sandbox +Internet Explorer 7 on Windows Vista was the first web browser to provide a browsing sandbox, called [Protected Mode](http://windows.microsoft.com/en-US/windows-vista/What-does-Internet-Explorer-protected-mode-do). Protected Mode forced the part of the browser that rendered web content to run with less privilege than the browser controls or the user, providing a level of isolation and protection should a malicious website attempt to exploit a bug in the browser or one of its plug-ins. + +Internet Explorer 10 introduced Enhanced Protected Mode (EPM), based on the Windows 8 technology, providing an even stronger sandbox, using deny-by-default and no-read-up semantics. EPM was turned on by default in the Windows 8 and Windows 8.1 immersive browser, but was optional on the Internet Explorer 10 and Internet Explorer 11 desktop versions. + +Microsoft Edge takes EPM even farther, running its content processes in app containers not just by default, but all of the time. Because Microsoft Edge doesn’t support 3rd party binary extensions, there’s no reason for it to run outside of the containers, making it the most secure client-side app sandbox in Windows. + +### New extension model and HTML5 support +Back in 1996, we introduced ActiveX for web browser extensions in an attempt to let 3rd parties experiment with various forms of alternate content on the web. However, we quickly learned that browser extensions can come at a cost of security and reliability. For example, binary extensions can bring code and data into the browser’s processes without any protection, meaning that if anything goes wrong, the entire browser itself can be compromised or go down. + +Our answer to this problem was to create an extension model with less shared state between the browser and its extensions. 
Meaning that Microsoft Edge doesn’t support [Vector Markup Language, VBScript, JScript, Toolbars, Browser Helper Objects, or ActiveX](http://blogs.windows.com/msedgedev/2015/05/06/a-break-from-the-past-part-2-saying-goodbye-to-activex-vbscript-attachevent/). However, with the use and support of HTML5, the need for those extensions has been greatly reduced, allowing sites to be as full-functioning across browsers as before, without the same potential risks. + +If you still want to have more extensibility beyond what’s provided by HTML5, you can see the [Microsoft Edge Extensions](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/extensions/) documentation for a modern, HTML/JS/CSS-based extension model. Extensions can be disabled through [Group Policy or Mobile Data Management (MDM)](https://technet.microsoft.com/itpro/microsoft-edge/available-policies) policies. + +### Reduced attack surfaces +In addition to removing support for VBScript, Jscript, VML, Browser Helper Objects, Toolbars, and ActiveX controls, Microsoft Edge also has no support for legacy Internet Explorer [document modes](https://msdn.microsoft.com/en-us/library/jj676915.aspx). This means that the browser is much more secure than before. However, it also means that it’s not as backward compatible as before. + +Because of that, we’ve given Microsoft Edge the ability to automatically fall back to Internet Explorer 11, using the Enterprise Mode Site List, for any apps that need backwards compatibility. + +### Code integrity and image loading restrictions +Microsoft Edge content processes support code integrity and image load restrictions, helping to prevent malicious DLLs from loading or being injected into the content processes. Only [properly signed images](https://blogs.windows.com/msedgedev/2015/11/17/microsoft-edge-module-code-integrity/) are allowed to load into Microsoft Edge. Binaries on remote devices (such as, UNC or WebDAV) can’t be loaded. 
+ +### Memory corruption mitigations +Memory corruption happens most frequently to apps written in C or C++ because the languages don’t provide type safety or buffer overflow protection. Broadly speaking, memory corruption attacks happen when an attacker provides malformed info to a program and the program can’t handle it, causing the program’s memory state to corrupt and to allow the attacker to take control of the program. + +Over the years, a broad variety of mitigations have been created around memory corruption, but even as these mitigations roll out, attackers adapt and invent new ways to attack. At the same time, we’ve responded with new memory safety defenses, mitigating the most common new forms of attack, including and especially [use-after-free (UAF)](http://cwe.mitre.org/data/definitions/416.html) vulnerabilities. + +#### Memory Garbage Collector (MemGC) mitigation +MemGC is a memory garbage collection system that helps to defend the browser from UAF vulnerabilities by taking the responsibility for freeing memory away from the programmer and instead automating it, only freeing memory when the automation detects that there are no more references left pointing to a given block of memory. + +**Note**
MemGC is the replacement for Memory Protector, currently turned on for both Microsoft Edge and Internet Explorer 11. + +#### Control Flow Guard +Ultimately, attackers use memory corruption attacks to gain control of the CPU program counter so that they can jump to any code location they want. Control Flow Guard is a Microsoft Visual Studio technology that compiles checks around code that performs indirect jumps based on a pointer, restricting those jumps to only go to function entry points with known addresses. This makes attacker take-overs much more difficult by severely constraining where a memory corruption attack can jump to. + +**Note**
Control Flow Guard is always turned on for Microsoft Edge. + +### Designed for security +We’ve spent countless hours reviewing, testing, and using Microsoft Edge to make sure that you’re more protected than ever before. + +#### Fuzzing/Static Analysis +We’ve devoted more than 320 machine-years to fuzz testing Microsoft Edge and Internet Explorer during product development, including monitoring for possible exceptions such as crashes or memory leaks. We’ve also generated more than 100-billion DOM manipulations from 230-million non-unique HTML files. That’s a 3x scale increase over previous product testing. Because of all of this, hundreds of security issues were addressed before the product shipped. + +#### Code Review & Penetration Testing +Over 70 end-to-end security engagements reviewed all key features, helping to address security implementation and design issues before shipping. + +#### Windows REDTEAM +The Windows REDTEAM emulates the techniques and expertise of skilled, real-world attackers. Exploited Microsoft Edge vulnerabilities discovered through penetration testing can be addressed before public discovery and real-world exploits. + +#### Bug Bounty Programs +Despite all of our best efforts, we realize that there will be security vulnerabilities in Microsoft Edge that we don’t yet know about. To minimize customer impact, we offer ongoing bounty programs intended to incent security researchers to report vulnerabilities to us. If you’re a security researcher and you’re interested in the bounty program, you can find more info [here](https://technet.microsoft.com/en-us/library/dn425036.aspx). + + + + + + + From ec39b5297bf9239b24d7371540542bbb559e6ebe Mon Sep 17 00:00:00 2001 From: LizRoss Date: Tue, 24 May 2016 07:37:16 -0700 Subject: [PATCH 3/8] Added new security enhancements topic --- browsers/edge/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/browsers/edge/TOC.md b/browsers/edge/TOC.md index 8b02ce6c70..1e0b12897e 100644 
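Review bot: "Mobile Data Management (MDM)" in the extensions paragraph is wrong; MDM is Mobile Device Management, which is also what the linked available-policies topic covers. Two headings in this hunk do not match their bodies: "Microsoft Edge is now a 64-bit app" opens with the Universal Windows app and AppContainer process model rather than with 64-bit, and "Fuzzing/Static Analysis" describes only fuzzing, so either rename the headings or add the missing content. The first EdgeHTML bullet ("Support for the W3C standard and the Content Security Policy (CSP) specification. Both of which can help ...") is a fragment with a dangling "W3C standard"; CSP is itself the W3C standard, so say "Support for the W3C Content Security Policy (CSP) specification, which helps developers defend against cross-site scripting attacks." The MemGC note ("MemGC is the replacement for Memory Protector, currently turned on for both Microsoft Edge and Internet Explorer 11") is ambiguous about which of the two is turned on; state it explicitly (presumably MemGC, since it is described as the replacement). Minor: the hunk uses both "JScript" and "Jscript", and the ASLR opener ("Strengthening Windows Address Space Layout Randomization (ASLR) provides significant advantages to 64-bit processes") inverts cause and effect; the following paragraph has it right, so drop or reword the first sentence.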
--- a/browsers/edge/TOC.md +++ b/browsers/edge/TOC.md @@ -3,4 +3,5 @@ ##[Microsoft Edge requirements and language support](hardware-and-software-requirements.md) ##[Available policies for Microsoft Edge](available-policies.md) ##[Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md) +##[Security enhancements for Microsoft Edge](security-enhancements-microsoft-edge.md) From a8fd7951730e091c6af4872c841d5dfec4abeccd Mon Sep 17 00:00:00 2001 From: LizRoss Date: Tue, 24 May 2016 07:38:43 -0700 Subject: [PATCH 4/8] Updated to include new security enhancements topic --- browsers/edge/Index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/browsers/edge/Index.md b/browsers/edge/Index.md index 1fbb56ff74..ab4caaef1d 100644 --- a/browsers/edge/Index.md +++ b/browsers/edge/Index.md @@ -29,6 +29,7 @@ Microsoft Edge lets you stay up-to-date through the Windows Store and to manage | [Microsoft Edge requirements and language support](hardware-and-software-requirements.md) | Microsoft Edge is pre-installed on all Windows 10-capable devices that meet the minimum system requirements and are on the supported language list.| | [Available policies for Microsoft Edge](available-policies.md) | Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings.

Group Policy objects (GPO's) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain. | | [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md) | If you have specific web sites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the web sites will automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work properly with Microsoft Edge, you can set all intranet sites to automatically open using IE11.

Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. | +| [Security enhancements for Microsoft Edge](security-enhancements-microsoft-edge.md) |Microsoft Edge is designed with significant security improvements over existing browsers, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows. | ## Interoperability goals and enterprise guidance From b66385f5ee2a3df8f63de7bd855aa610120c854e Mon Sep 17 00:00:00 2001 From: LizRoss Date: Wed, 25 May 2016 09:30:29 -0700 Subject: [PATCH 5/8] Updated security topic based on tech review --- .../security-enhancements-microsoft-edge.md | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/browsers/edge/security-enhancements-microsoft-edge.md b/browsers/edge/security-enhancements-microsoft-edge.md index d3c7bce812..0de7d4ca94 100644 --- a/browsers/edge/security-enhancements-microsoft-edge.md +++ b/browsers/edge/security-enhancements-microsoft-edge.md 
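Review bot: in the Index.md hunk the new table row omits the space after the description-cell pipe (`|Microsoft Edge is designed with significant ...`) while the rows above it use `| Microsoft Edge is pre-installed ...` and `| If you have specific web sites ...`; add the space for consistency with the existing rows.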
@@ -11,23 +11,23 @@ title: Security enhancements for Microsoft Edge (Microsoft Edge for IT Pros) Microsoft Edge is designed with significant security improvements over existing browsers, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows. ## Help to protect against web-based security threats -While the web is predominantly a safe environment, there are some sites that have been designed to steal money and personal information. Thieves by nature don’t care about rules, and will use any means to take advantage of victims, most often using trickery or hacking: +While most websites are safe, some sites have been designed to steal personal information or gain access to your system’s resources. Thieves by nature don’t care about rules, and will use any means to take advantage of victims, most often using trickery or hacking: -- **Trickery.** Means using things like “phishing” attacks to convince a person to enter a banking password into a website that looks like the bank, but isn't. +- **Trickery.** Means using things like “phishing” attacks to convince a person to enter a banking password into a website that looks like the bank, but isn’t. -- **Hacking.** Means attacking a person through malformed content that exploits subtle flaws in a browser, or in various browser extensions, such as video decoders. This exploit lets an attacker run code on a person’s device, taking over first their browsing session, and perhaps ultimately the entire device. +- **Hacking.** Means attacking a system through malformed content that exploits subtle flaws in a browser, or in various browser extensions, such as video decoders. This exploit lets an attacker run code on a device, taking over first a browsing session, and perhaps ultimately the entire device. 
While trickery and hacking are threats faced by every browser, it’s important that we explore how Microsoft Edge addresses these threats and is helping make the web a safer experience. ### Windows Hello -Phishing scams gets people to enter passwords into a fake version of a trusted website, such as a bank. Our current attempts to identify legitimate websites through the HTTPS lock symbol and the EV Cert green bar have met with only limited success. Attackers are just too competent at faking legitimate experiences for more people to notice the difference. +Phishing scams get people to enter passwords into a fake version of a trusted website, such as a bank. Attempts to identify legitimate websites through the HTTPS lock symbol and the EV Cert green bar have met with only limited success, since attackers are too good at faking legitimate experiences for many people to notice the difference. To really address this problem, we need to stop people from entering plain-text passwords into websites. So in Windows 10, we gave you [Windows Hello](http://blogs.windows.com/bloggingwindows/2015/03/17/making-windows-10-more-personal-and-more-secure-with-windows-hello/) technology with asymmetric cryptography that authenticates both the person and the website. Microsoft Edge is the first browser to natively support Windows Hello as a more personal, seamless, and secure way to authenticate on the web, powered by an early implementation of the [Web Authentication (formerly FIDO 2.0 Web API) specification](http://w3c.github.io/webauthn/). ### Microsoft SmartScreen -Microsoft SmartScreen, using both Windows 10 and Microsoft Edge, helps to defend against phishing by performing reputation checks on visited sites; blocking any sites that are thought to be phishing sites. 
SmartScreen also helps to defend against people being tricked into installing malicious [socially-engineered software downloads](http://operationstech.about.com/od/glossary/g/Socially-Engineered-Malware.htm) and against [drive-by attacks](https://blogs.windows.com/msedgedev/2015/12/16/smartscreen-drive-by-improvements/), malicious web attacks that tend to start on trusted websites, targeting security vulnerabilities in commonly used software. +Microsoft SmartScreen, used in both Windows 10 and Microsoft Edge, helps to defend against phishing by performing reputation checks on visited sites and blocking any sites that are thought to be phishing sites. SmartScreen also helps to defend people against being tricked into installing malicious [socially-engineered software downloads](http://operationstech.about.com/od/glossary/g/Socially-Engineered-Malware.htm) and against [drive-by attacks](https://blogs.windows.com/msedgedev/2015/12/16/smartscreen-drive-by-improvements/). Drive-by attacks are malicious web-based attacks that compromise your system by targeting security vulnerabilities in commonly used software, and may be hosted on trusted sites. **Note**
Both Microsoft Edge and Internet Explorer 11 help to prevent drive-by attacks on Windows 10. 
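Review bot: the two bullets were reworded but still read as fragments ("**Trickery.** Means using things like ...", "**Hacking.** Means attacking a system ..."); drop "Means" so each reads "**Trickery.** Using things like "phishing" attacks to convince a person ...". The rewrite also moved the opening paragraph to a neutral voice ("gain access to your system's resources") but left the blog-style first person in the Windows Hello paragraphs ("we need to stop people ...", "we gave you Windows Hello", "it's important that we explore"), which reads oddly in an IT-pro topic; prefer "Windows 10 includes Windows Hello" and "this topic describes how Microsoft Edge addresses these threats". The SmartScreen rewrite is an improvement.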
@@ -51,46 +51,46 @@ The Microsoft EdgeHTML engine also helps to defend against trickery through thes While Microsoft Edge has done much to help defend against trickery, it’s also undergone a major overhaul of the DOM representation in the browser’s memory, allowing the code to be more resistant to attacks that attempt to subvert the browser, like in many hacking attempts. ### Microsoft Edge is now a 64-bit app -The largest security change to Microsoft Edge is that we’ve made it a Universal Windows app. By changing the browser to an app, it fundamentally changes the process model so that both the outer manager process and the assorted content processes all live within app container sandboxes; providing reliable and trustworthy behavior along with additional isolation and protection from outside attacks. +The largest security change to Microsoft Edge is that we’ve made it a Universal Windows app. By changing the browser to an app, it fundamentally changes the process model so that both the outer manager process and the assorted content processes all live within AppContainer sandboxes; providing reliable and trustworthy behavior along with additional isolation and protection from outside attacks. -Additionally, Microsoft Edge has been updated to run in 64-bit not just by default, but anytime it’s running on a 64-bit operating system. Because Microsoft Edge doesn’t support legacy ActiveX controls or 3rd-party binary extensions, there’s no longer a reason to run 32-bit processes. +Additionally, Microsoft Edge has been updated to run in 64-bit not just by default, but anytime it’s running on a 64-bit operating system. Because Microsoft Edge doesn’t support legacy ActiveX controls or 3rd-party binary extensions, there’s no longer a reason to run 32-bit processes on a 64-bit system. 
#### 64-bit processes and Address Space Layout Randomization (ASLR) Strengthening Windows Address Space Layout Randomization (ASLR) provides significant advantages to 64-bit processes in general, and browser processes specifically, making it much more difficult for attackers to inject malicious code into a browser process through a coding exploit. -ASLR randomizes the memory layout of the browser processes, making it much harder for attackers to hit precise memory locations. In turn, 64-bit processes make ASLR much more effective by making the address space exponentially larger and therefore, more difficult for attackers to find the sensitive memory components they’re looking for. +ASLR randomizes the memory layout of the browser processes, making it much harder for attackers to hit precise memory locations. In turn, 64-bit processes make ASLR much more effective by making the address space exponentially larger and, therefore, more difficult for attackers to find the sensitive memory components they’re looking for. -### All web content runs in an app container sandbox +### All web content runs in an AppContainer sandbox Internet Explorer 7 on Windows Vista was the first web browser to provide a browsing sandbox, called [Protected Mode](http://windows.microsoft.com/en-US/windows-vista/What-does-Internet-Explorer-protected-mode-do). Protected Mode forced the part of the browser that rendered web content to run with less privilege than the browser controls or the user, providing a level of isolation and protection should a malicious website attempt to exploit a bug in the browser or one of its plug-ins. Internet Explorer 10 introduced Enhanced Protected Mode (EPM), based on the Windows 8 technology, providing an even stronger sandbox, using deny-by-default and no-read-up semantics. EPM was turned on by default in the Windows 8 and Windows 8.1 immersive browser, but was optional on the Internet Explorer 10 and Internet Explorer 11 desktop versions. 
-Microsoft Edge takes EPM even farther, running its content processes in app containers not just by default, but all of the time. Because Microsoft Edge doesn’t support 3rd party binary extensions, there’s no reason for it to run outside of the containers, making it the most secure client-side app sandbox in Windows. +Microsoft Edge takes EPM even farther, running its content processes in AppContainers not just by default, but all of the time. Because Microsoft Edge doesn’t support 3rd party binary extensions, there’s no reason for it to run outside of the containers, ensuring that Microsoft Edge is more secure. ### New extension model and HTML5 support Back in 1996, we introduced ActiveX for web browser extensions in an attempt to let 3rd parties experiment with various forms of alternate content on the web. However, we quickly learned that browser extensions can come at a cost of security and reliability. For example, binary extensions can bring code and data into the browser’s processes without any protection, meaning that if anything goes wrong, the entire browser itself can be compromised or go down. -Our answer to this problem was to create an extension model with less shared state between the browser and its extensions. Meaning that Microsoft Edge doesn’t support [Vector Markup Language, VBScript, JScript, Toolbars, Browser Helper Objects, or ActiveX](http://blogs.windows.com/msedgedev/2015/05/06/a-break-from-the-past-part-2-saying-goodbye-to-activex-vbscript-attachevent/). However, with the use and support of HTML5, the need for those extensions has been greatly reduced, allowing sites to be as full-functioning across browsers as before, without the same potential risks. +Our answer to this problem was to create an extension model with fewer shared states between the browser and its extensions. 
Microsoft Edge doesn’t support [Vector Markup Language, VBScript, JScript, Toolbars, Browser Helper Objects, or ActiveX](http://blogs.windows.com/msedgedev/2015/05/06/a-break-from-the-past-part-2-saying-goodbye-to-activex-vbscript-attachevent/). However, with the use and support of HTML5, the need for those extensions has been greatly reduced, allowing sites to be as full-functioning as before, without the same potential risks. If you still want to have more extensibility beyond what’s provided by HTML5, you can see the [Microsoft Edge Extensions](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/extensions/) documentation for a modern, HTML/JS/CSS-based extension model. Extensions can be disabled through [Group Policy or Mobile Data Management (MDM)](https://technet.microsoft.com/itpro/microsoft-edge/available-policies) policies. ### Reduced attack surfaces -In addition to removing support for VBScript, Jscript, VML, Browser Helper Objects, Toolbars, and ActiveX controls, Microsoft Edge also has no support for legacy Internet Explorer [document modes](https://msdn.microsoft.com/en-us/library/jj676915.aspx). This means that the browser is much more secure than before. However, it also means that it’s not as backward compatible as before. +In addition to removing support for VBScript, Jscript, VML, Browser Helper Objects, Toolbars, and ActiveX controls, Microsoft Edge also has no support for legacy Internet Explorer [document modes](https://msdn.microsoft.com/en-us/library/jj676915.aspx). Having a significantly reduced attack surface means that the browser is much more secure than before. However, it also means that it’s not as backward compatible as before. -Because of that, we’ve given Microsoft Edge the ability to automatically fall back to Internet Explorer 11, using the Enterprise Mode Site List, for any apps that need backwards compatibility. 
+Because of the reduced backward compatibility, we’ve given Microsoft Edge the ability to automatically fall back to Internet Explorer 11, using the Enterprise Mode Site List, for any apps that need backwards compatibility. ### Code integrity and image loading restrictions Microsoft Edge content processes support code integrity and image load restrictions, helping to prevent malicious DLLs from loading or being injected into the content processes. Only [properly signed images](https://blogs.windows.com/msedgedev/2015/11/17/microsoft-edge-module-code-integrity/) are allowed to load into Microsoft Edge. Binaries on remote devices (such as, UNC or WebDAV) can’t be loaded. ### Memory corruption mitigations -Memory corruption happens most frequently to apps written in C or C++ because the languages don’t provide type safety or buffer overflow protection. Broadly speaking, memory corruption attacks happen when an attacker provides malformed info to a program and the program can’t handle it, causing the program’s memory state to corrupt and to allow the attacker to take control of the program. +Memory corruption happens most frequently to apps written in C or C++ because those languages don’t provide type safety or buffer overflow protection. Broadly speaking, memory corruption attacks happen when an attacker provides malformed info to a program and the program can’t handle it, causing the program’s memory state to corrupt and to allow the attacker to take control of the program. Over the years, a broad variety of mitigations have been created around memory corruption, but even as these mitigations roll out, attackers adapt and invent new ways to attack. At the same time, we’ve responded with new memory safety defenses, mitigating the most common new forms of attack, including and especially [use-after-free (UAF)](http://cwe.mitre.org/data/definitions/416.html) vulnerabilities. 
#### Memory Garbage Collector (MemGC) mitigation MemGC is a memory garbage collection system that helps to defend the browser from UAF vulnerabilities by taking the responsibility for freeing memory away from the programmer and instead automating it, only freeing memory when the automation detects that there are no more references left pointing to a given block of memory. -**Note**
MemGC is the replacement for Memory Protector, currently turned on for both Microsoft Edge and Internet Explorer 11. +**Note**
MemGC is the replacement for Memory Protector, currently turned on for both Microsoft Edge on Windows 10 and Internet Explorer 11 on Windows 7 and newer. #### Control Flow Guard Ultimately, attackers use memory corruption attacks to gain control of the CPU program counter so that they can jump to any code location they want. Control Flow Guard is a Microsoft Visual Studio technology that compiles checks around code that performs indirect jumps based on a pointer, restricting those jumps to only go to function entry points with known addresses. This makes attacker take-overs much more difficult by severely constraining where a memory corruption attack can jump to. From f76f61bccb4037ba678cdcb092bec5ce9b425a56 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Thu, 26 May 2016 09:39:48 -0700 Subject: [PATCH 6/8] Updated based on tech reviews --- .../security-enhancements-microsoft-edge.md | 33 ++++++++++--------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/browsers/edge/security-enhancements-microsoft-edge.md b/browsers/edge/security-enhancements-microsoft-edge.md index 0de7d4ca94..d407ce7d7c 100644 --- a/browsers/edge/security-enhancements-microsoft-edge.md +++ b/browsers/edge/security-enhancements-microsoft-edge.md 
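Review bot: in the preceding hunk (the one that ends with the Control Flow Guard paragraph, just before the PATCH 6/8 header), rewriting "an extension model with less shared state between the browser and its extensions" as "fewer shared states" is a grammatical regression; "state" is uncountable here, so keep "less shared state". The same hunk changes "app containers" to "AppContainers" in the Microsoft Edge sandbox paragraph, while the Protected Mode and EPM paragraphs later in this series use "AppContainer sandboxes" and "Windows 8 app container technology"; settle on one spelling and apply it throughout the file. Minor: "JScript" in the new extension-model paragraph and "Jscript" in the Reduced attack surfaces paragraph should match.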
@@ -41,31 +41,32 @@ Microsoft Edge has a new rendering engine, Microsoft EdgeHTML, which is focused The Microsoft EdgeHTML engine also helps to defend against trickery through these new security standards features: -- Support for the W3C standard and the [Content Security Policy (CSP) specification](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/security/content-Security-Policy). Both of which can help developers defend against cross-site scripting attacks. +- Support for the W3C standard for [Content Security Policy (CSP)](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/security/content-Security-Policy), which can help web developers defend their sites against cross-site scripting attacks. - Support for the [HTTP Strict Transport Security (HSTS)](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/security/HSTS/) security feature (IETF-standard compliant). This helps ensure that connections to important sites, such as to your bank, are always secured. + **Note**
+ Both Microsoft Edge and Internet Explorer 11 support HSTS. + - Support for the [Meta referrer](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/security/meta-referrer/) tag, which specifies what info should be passed through the HTTP header to any request sent from a webpage. ## Help against hacking While Microsoft Edge has done much to help defend against trickery, it’s also undergone a major overhaul of the DOM representation in the browser’s memory, allowing the code to be more resistant to attacks that attempt to subvert the browser, like in many hacking attempts. ### Microsoft Edge is now a 64-bit app -The largest security change to Microsoft Edge is that we’ve made it a Universal Windows app. By changing the browser to an app, it fundamentally changes the process model so that both the outer manager process and the assorted content processes all live within AppContainer sandboxes; providing reliable and trustworthy behavior along with additional isolation and protection from outside attacks. +The largest security change to Microsoft Edge is that it's designed like a Universal Windows app. By changing the browser to an app, it fundamentally changes the process model so that both the outer manager process and the assorted content processes all live within AppContainer sandboxes; helping to provide the user and the platform with the [confidence](http://blogs.msdn.com/b/b8/archive/2012/05/17/delivering-reliable-and-trustworthy-metro-style-apps.aspx) provided by other Windows store apps. -Additionally, Microsoft Edge has been updated to run in 64-bit not just by default, but anytime it’s running on a 64-bit operating system. Because Microsoft Edge doesn’t support legacy ActiveX controls or 3rd-party binary extensions, there’s no longer a reason to run 32-bit processes on a 64-bit system. 
- -#### 64-bit processes and Address Space Layout Randomization (ASLR) -Strengthening Windows Address Space Layout Randomization (ASLR) provides significant advantages to 64-bit processes in general, and browser processes specifically, making it much more difficult for attackers to inject malicious code into a browser process through a coding exploit. - -ASLR randomizes the memory layout of the browser processes, making it much harder for attackers to hit precise memory locations. In turn, 64-bit processes make ASLR much more effective by making the address space exponentially larger and, therefore, more difficult for attackers to find the sensitive memory components they’re looking for. - -### All web content runs in an AppContainer sandbox +#### All web content runs in an app container sandbox Internet Explorer 7 on Windows Vista was the first web browser to provide a browsing sandbox, called [Protected Mode](http://windows.microsoft.com/en-US/windows-vista/What-does-Internet-Explorer-protected-mode-do). Protected Mode forced the part of the browser that rendered web content to run with less privilege than the browser controls or the user, providing a level of isolation and protection should a malicious website attempt to exploit a bug in the browser or one of its plug-ins. -Internet Explorer 10 introduced Enhanced Protected Mode (EPM), based on the Windows 8 technology, providing an even stronger sandbox, using deny-by-default and no-read-up semantics. EPM was turned on by default in the Windows 8 and Windows 8.1 immersive browser, but was optional on the Internet Explorer 10 and Internet Explorer 11 desktop versions. +Internet Explorer 10 introduced Enhanced Protected Mode (EPM), based on the Windows 8 app container technology, providing an even stronger sandbox by adding deny-by-default and no-read-up semantics. 
EPM was turned on by default in the Windows 8 and Windows 8.1 immersive browser, but was optional on the Internet Explorer 10 and Internet Explorer 11 desktop versions. -Microsoft Edge takes EPM even farther, running its content processes in AppContainers not just by default, but all of the time. Because Microsoft Edge doesn’t support 3rd party binary extensions, there’s no reason for it to run outside of the containers, ensuring that Microsoft Edge is more secure. +Microsoft Edge takes the sandbox even farther, running its content processes in app containers not just by default, but all of the time. Because Microsoft Edge doesn’t support 3rd party binary extensions, there’s no reason for it to run outside of the containers, ensuring that Microsoft Edge is more secure. + +#### 64-bit processes and Address Space Layout Randomization (ASLR) +We've updated Microsoft Edge to run in 64-bit not just by default, but anytime it’s running on a 64-bit operating system. Because Microsoft Edge doesn’t support legacy ActiveX controls or 3rd-party binary extensions, there’s no longer a reason to run 32-bit processes on a 64-bit system. + +The value of running 64-bit all the time is that it strengthens Windows Address Space Layout Randomization (ASLR). ASLR randomizes the memory layout of the browser processes, making it much harder for attackers to hit precise memory locations. In turn, 64-bit processes make ASLR much more effective by making the address space exponentially larger and, therefore, more difficult for attackers to find the sensitive memory components they’re looking for. ### New extension model and HTML5 support Back in 1996, we introduced ActiveX for web browser extensions in an attempt to let 3rd parties experiment with various forms of alternate content on the web. However, we quickly learned that browser extensions can come at a cost of security and reliability. 
For example, binary extensions can bring code and data into the browser’s processes without any protection, meaning that if anything goes wrong, the entire browser itself can be compromised or go down. 
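Review bot: the re-ordering in the "@@ -41,31 +41,32 @@" hunk nests "#### All web content runs in an app container sandbox" under "### Microsoft Edge is now a 64-bit app", but the sandbox section (Protected Mode, EPM, app containers) has nothing to do with 64-bit; either rename the parent heading to cover the process model as a whole or keep the sandbox section at the "###" level. Smaller point in the same hunk: replacing "we've made it a Universal Windows app" with "it's designed like a Universal Windows app" reads as if Microsoft Edge were not one; "is built as a Universal Windows app" keeps the original meaning with the softer tone.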
@@ -75,15 +76,15 @@ Our answer to this problem was to create an extension model with fewer shared st If you still want to have more extensibility beyond what’s provided by HTML5, you can see the [Microsoft Edge Extensions](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/extensions/) documentation for a modern, HTML/JS/CSS-based extension model. Extensions can be disabled through [Group Policy or Mobile Data Management (MDM)](https://technet.microsoft.com/itpro/microsoft-edge/available-policies) policies. ### Reduced attack surfaces -In addition to removing support for VBScript, Jscript, VML, Browser Helper Objects, Toolbars, and ActiveX controls, Microsoft Edge also has no support for legacy Internet Explorer [document modes](https://msdn.microsoft.com/en-us/library/jj676915.aspx). Having a significantly reduced attack surface means that the browser is much more secure than before. However, it also means that it’s not as backward compatible as before. +In addition to removing support for VBScript, Jscript, VML, Browser Helper Objects, Toolbars, and ActiveX controls, Microsoft Edge also removed support for legacy Internet Explorer [document modes](https://msdn.microsoft.com/en-us/library/jj676915.aspx). Because many IE browser vulnerabilities are only present in legacy document modes, removing support for document modes significantly reduces attack surface, making the browser much more secure than before. However, it also means that it’s not as backward compatible. -Because of the reduced backward compatibility, we’ve given Microsoft Edge the ability to automatically fall back to Internet Explorer 11, using the Enterprise Mode Site List, for any apps that need backwards compatibility. +Because of the reduced backward compatibility, we’ve given Microsoft Edge the ability to automatically fall back to Internet Explorer 11, using the Enterprise Mode Site List, for any apps that need backward compatibility. 
### Code integrity and image loading restrictions Microsoft Edge content processes support code integrity and image load restrictions, helping to prevent malicious DLLs from loading or being injected into the content processes. Only [properly signed images](https://blogs.windows.com/msedgedev/2015/11/17/microsoft-edge-module-code-integrity/) are allowed to load into Microsoft Edge. Binaries on remote devices (such as, UNC or WebDAV) can’t be loaded. ### Memory corruption mitigations -Memory corruption happens most frequently to apps written in C or C++ because those languages don’t provide type safety or buffer overflow protection. Broadly speaking, memory corruption attacks happen when an attacker provides malformed info to a program and the program can’t handle it, causing the program’s memory state to corrupt and to allow the attacker to take control of the program. +Memory corruption happens most frequently to apps written in C or C++ because those languages don’t provide type safety or buffer overflow protection. Broadly speaking, memory corruption attacks happen when an attacker provides malformed input to a program and the program can’t handle it, corrupting the program’s memory state and allowing the attacker to take control of the program. Over the years, a broad variety of mitigations have been created around memory corruption, but even as these mitigations roll out, attackers adapt and invent new ways to attack. At the same time, we’ve responded with new memory safety defenses, mitigating the most common new forms of attack, including and especially [use-after-free (UAF)](http://cwe.mitre.org/data/definitions/416.html) vulnerabilities. 
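Review bot: the new sentence in the Reduced attack surfaces paragraph of the "@@ -75,15 +76,15 @@" hunk, "Because many IE browser vulnerabilities are only present in legacy document modes", introduces a factual claim with no supporting reference; the only link in that paragraph points to the document-modes feature description, not to vulnerability data. Either cite a source for the claim or soften it to what the page can back, for example "removing legacy document modes removes the code paths those modes exposed".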
@@ -101,7 +102,7 @@ Ultimately, attackers use memory corruption attacks to gain control of the CPU p We’ve spent countless hours reviewing, testing, and using Microsoft Edge to make sure that you’re more protected than ever before. #### Fuzzing/Static Analysis -We’ve devoted more than 320 machine-years to fuzz testing Microsoft Edge and Internet Explorer during product development, including monitoring for possible exceptions such as crashes or memory leaks. We’ve also generated more than 100-billion DOM manipulations from 230-million non-unique HTML files. That’s a 3x scale increase over previous product testing. Because of all of this, hundreds of security issues were addressed before the product shipped. +We’ve devoted more than 670 machine-years to fuzz testing Microsoft Edge and Internet Explorer during product development, including monitoring for possible exceptions such as crashes or memory leaks. We’ve also generated more than 400-billion DOM manipulations from 1-billion HTML files. Because of all of this, hundreds of security issues were addressed before the product shipped. #### Code Review & Penetration Testing Over 70 end-to-end security engagements reviewed all key features, helping to address security implementation and design issues before shipping. From 9623644ed30719e7682e55d7d413951f2177bae4 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Mon, 13 Jun 2016 12:37:11 -0700 Subject: [PATCH 7/8] Updated based on final feedback and sign off --- .../security-enhancements-microsoft-edge.md | 78 ++++++++----------- 1 file changed, 33 insertions(+), 45 deletions(-) diff --git a/browsers/edge/security-enhancements-microsoft-edge.md b/browsers/edge/security-enhancements-microsoft-edge.md index d407ce7d7c..9db29bd47d 100644 --- a/browsers/edge/security-enhancements-microsoft-edge.md +++ b/browsers/edge/security-enhancements-microsoft-edge.md 
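Review bot: the Fuzzing/Static Analysis hunk ("@@ -101,7 +102,7 @@", the last hunk of PATCH 6/8) replaces every figure (320 to 670 machine-years, 100-billion to 400-billion DOM manipulations, 230-million non-unique to 1-billion HTML files) and deletes "That's a 3x scale increase over previous product testing.", yet none of the numbers, old or new, carries a source or an as-of date; add a link or a date so the next update has a baseline. Dropping "non-unique" also changes the meaning of the file count; keep the qualifier unless the new number really is unique files.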
@@ -8,7 +8,7 @@ title: Security enhancements for Microsoft Edge (Microsoft Edge for IT Pros) --- # Security enhancements for Microsoft Edge -Microsoft Edge is designed with significant security improvements over existing browsers, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows. +Microsoft Edge is designed with significant security improvements, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows. ## Help to protect against web-based security threats While most websites are safe, some sites have been designed to steal personal information or gain access to your system’s resources. Thieves by nature don’t care about rules, and will use any means to take advantage of victims, most often using trickery or hacking: 
@@ -19,27 +19,29 @@ While most websites are safe, some sites have been designed to steal personal in While trickery and hacking are threats faced by every browser, it’s important that we explore how Microsoft Edge addresses these threats and is helping make the web a safer experience. -### Windows Hello +### Help against trickery +Web browsers can help defend your employees against trickery by identifying and blocking known tricks, and by using strong security protocols to ensure that they’re talking to the web site they think they’re talking to. + +#### Windows Hello Phishing scams get people to enter passwords into a fake version of a trusted website, such as a bank. Attempts to identify legitimate websites through the HTTPS lock symbol and the EV Cert green bar have met with only limited success, since attackers are too good at faking legitimate experiences for many people to notice the difference. To really address this problem, we need to stop people from entering plain-text passwords into websites. So in Windows 10, we gave you [Windows Hello](http://blogs.windows.com/bloggingwindows/2015/03/17/making-windows-10-more-personal-and-more-secure-with-windows-hello/) technology with asymmetric cryptography that authenticates both the person and the website. Microsoft Edge is the first browser to natively support Windows Hello as a more personal, seamless, and secure way to authenticate on the web, powered by an early implementation of the [Web Authentication (formerly FIDO 2.0 Web API) specification](http://w3c.github.io/webauthn/). -### Microsoft SmartScreen -Microsoft SmartScreen, used in both Windows 10 and Microsoft Edge, helps to defend against phishing by performing reputation checks on visited sites and blocking any sites that are thought to be phishing sites. 
SmartScreen also helps to defend people against being tricked into installing malicious [socially-engineered software downloads](http://operationstech.about.com/od/glossary/g/Socially-Engineered-Malware.htm) and against [drive-by attacks](https://blogs.windows.com/msedgedev/2015/12/16/smartscreen-drive-by-improvements/). Drive-by attacks are malicious web-based attacks that compromise your system by targeting security vulnerabilities in commonly used software, and may be hosted on trusted sites. +#### Microsoft SmartScreen +Microsoft SmartScreen, used in Windows 10 and both Internet Explorer 11 and Microsoft Edge, helps to defend against phishing by performing reputation checks on visited sites and blocking any sites that are thought to be phishing sites. SmartScreen also helps to defend people against being tricked into installing malicious [socially-engineered software downloads](http://operationstech.about.com/od/glossary/g/Socially-Engineered-Malware.htm and against [drive-by attacks](https://blogs.windows.com/msedgedev/2015/12/16/smartscreen-drive-by-improvements/). Drive-by attacks are malicious web-based attacks that compromise your system by targeting security vulnerabilities in commonly used software, and may be hosted on trusted sites. -**Note**
-Both Microsoft Edge and Internet Explorer 11 help to prevent drive-by attacks on Windows 10. +#### Certificate Reputation system +While people trust sites that have encrypted web traffic, that trust can be undermined by malicious sites using improperly obtained or fake certificates to impersonate legitimate sites. To help address this problem, we introduced the [Certificate Reputation system](http://blogs.msdn.com/b/ie/archive/2014/03/10/certificate-reputation-a-novel-approach-for-protecting-users-from-fraudulent-certificates.aspx) last year. This year, we’ve extended the system to let web developers use the [Bing Webmaster Tools](http://www.bing.com/toolbox/webmaster) to report directly to Microsoft to let us know about fake certificates. -### Certificate Reputation system -While people trust sites that have encrypted web traffic, that trust can be undermined by malicious sites using improperly obtained or fake certificates to impersonate legitimate sites. -To help address this problem, we introduced the [Certificate Reputation system](http://blogs.msdn.com/b/ie/archive/2014/03/10/certificate-reputation-a-novel-approach-for-protecting-users-from-fraudulent-certificates.aspx) last year. This year, we’ve extended the system to let web developers use the [Bing Webmaster Tools](http://www.bing.com/toolbox/webmaster) to report directly to Microsoft to let us know about fake certificates. +### Help against hacking +While Microsoft Edge has done much to help defend against trickery, the browser’s “engine” has also been overhauled to resist hacking (attempts to corrupt the browser itself) including a major overhaul of the DOM representation in the browser’s memory, and the security mitigations described here. 
-### Microsoft EdgeHTML and modern web standards +#### Microsoft EdgeHTML and modern web standards Microsoft Edge has a new rendering engine, Microsoft EdgeHTML, which is focused on modern standards that let web developers build and maintain a consistent site across all modern browsers. -The Microsoft EdgeHTML engine also helps to defend against trickery through these new security standards features: +The Microsoft EdgeHTML engine also helps to defend against hacking through these new security standards features: - Support for the W3C standard for [Content Security Policy (CSP)](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/security/content-Security-Policy), which can help web developers defend their sites against cross-site scripting attacks. @@ -48,70 +50,56 @@ The Microsoft EdgeHTML engine also helps to defend against trickery through thes **Note**
Both Microsoft Edge and Internet Explorer 11 support HSTS. -- Support for the [Meta referrer](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/security/meta-referrer/) tag, which specifies what info should be passed through the HTTP header to any request sent from a webpage. - -## Help against hacking -While Microsoft Edge has done much to help defend against trickery, it’s also undergone a major overhaul of the DOM representation in the browser’s memory, allowing the code to be more resistant to attacks that attempt to subvert the browser, like in many hacking attempts. - -### Microsoft Edge is now a 64-bit app -The largest security change to Microsoft Edge is that it's designed like a Universal Windows app. By changing the browser to an app, it fundamentally changes the process model so that both the outer manager process and the assorted content processes all live within AppContainer sandboxes; helping to provide the user and the platform with the [confidence](http://blogs.msdn.com/b/b8/archive/2012/05/17/delivering-reliable-and-trustworthy-metro-style-apps.aspx) provided by other Windows store apps. - #### All web content runs in an app container sandbox Internet Explorer 7 on Windows Vista was the first web browser to provide a browsing sandbox, called [Protected Mode](http://windows.microsoft.com/en-US/windows-vista/What-does-Internet-Explorer-protected-mode-do). Protected Mode forced the part of the browser that rendered web content to run with less privilege than the browser controls or the user, providing a level of isolation and protection should a malicious website attempt to exploit a bug in the browser or one of its plug-ins. -Internet Explorer 10 introduced Enhanced Protected Mode (EPM), based on the Windows 8 app container technology, providing an even stronger sandbox by adding deny-by-default and no-read-up semantics. 
EPM was turned on by default in the Windows 8 and Windows 8.1 immersive browser, but was optional on the Internet Explorer 10 and Internet Explorer 11 desktop versions. +Internet Explorer 10 introduced Enhanced Protected Mode (EPM), based on the Windows 8 app container technology, providing a stronger sandbox by adding deny-by-default and no-read-up semantics. EPM was turned on by default in the Windows 8 and Windows 8.1 immersive browser, but was optional on the Internet Explorer 10 and Internet Explorer 11 desktop versions. -Microsoft Edge takes the sandbox even farther, running its content processes in app containers not just by default, but all of the time. Because Microsoft Edge doesn’t support 3rd party binary extensions, there’s no reason for it to run outside of the containers, ensuring that Microsoft Edge is more secure. +Microsoft Edge takes the sandbox even farther, running its content processes in app containers not just by default, but all of the time. Because Microsoft Edge doesn’t support 3rd party binary extensions, there’s no reason for it to run outside of the containers, ensuring that Microsoft Edge is more secure. -#### 64-bit processes and Address Space Layout Randomization (ASLR) -We've updated Microsoft Edge to run in 64-bit not just by default, but anytime it’s running on a 64-bit operating system. Because Microsoft Edge doesn’t support legacy ActiveX controls or 3rd-party binary extensions, there’s no longer a reason to run 32-bit processes on a 64-bit system. +#### Microsoft Edge is now a 64-bit app +The largest security change to Microsoft Edge is that it's designed like a Universal Windows app. 
By changing the browser to an app, it fundamentally changes the process model so that both the outer manager process and the assorted content processes all live within app container sandboxes; helping to provide the user and the platform with the [confidence](http://blogs.msdn.com/b/b8/archive/2012/05/17/delivering-reliable-and-trustworthy-metro-style-apps.aspx) provided by other Windows store apps. + +##### 64-bit processes and Address Space Layout Randomization (ASLR) +Microsoft Edge runs in 64-bit not just by default, but anytime it’s running on a 64-bit operating system. Because Microsoft Edge doesn’t support legacy ActiveX controls or 3rd-party binary extensions, there’s no longer a reason to run 32-bit processes on a 64-bit system. The value of running 64-bit all the time is that it strengthens Windows Address Space Layout Randomization (ASLR). ASLR randomizes the memory layout of the browser processes, making it much harder for attackers to hit precise memory locations. In turn, 64-bit processes make ASLR much more effective by making the address space exponentially larger and, therefore, more difficult for attackers to find the sensitive memory components they’re looking for. -### New extension model and HTML5 support +#### New extension model and HTML5 support Back in 1996, we introduced ActiveX for web browser extensions in an attempt to let 3rd parties experiment with various forms of alternate content on the web. However, we quickly learned that browser extensions can come at a cost of security and reliability. For example, binary extensions can bring code and data into the browser’s processes without any protection, meaning that if anything goes wrong, the entire browser itself can be compromised or go down. -Our answer to this problem was to create an extension model with fewer shared states between the browser and its extensions. 
Microsoft Edge doesn’t support [Vector Markup Language, VBScript, JScript, Toolbars, Browser Helper Objects, or ActiveX](http://blogs.windows.com/msedgedev/2015/05/06/a-break-from-the-past-part-2-saying-goodbye-to-activex-vbscript-attachevent/). However, with the use and support of HTML5, the need for those extensions has been greatly reduced, allowing sites to be as full-functioning as before, without the same potential risks. +Based on that learning, we’ve stopped supporting binary extensions in Microsoft Edge and instead encourage everyone to use our new, scripted HTML5-based extension model. For more info about the new extensions, see the [Microsoft Edge Developer Center](https://developer.microsoft.com/en-us/microsoft-edge/extensions/). -If you still want to have more extensibility beyond what’s provided by HTML5, you can see the [Microsoft Edge Extensions](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/extensions/) documentation for a modern, HTML/JS/CSS-based extension model. Extensions can be disabled through [Group Policy or Mobile Data Management (MDM)](https://technet.microsoft.com/itpro/microsoft-edge/available-policies) policies. - -### Reduced attack surfaces +#### Reduced attack surfaces In addition to removing support for VBScript, Jscript, VML, Browser Helper Objects, Toolbars, and ActiveX controls, Microsoft Edge also removed support for legacy Internet Explorer [document modes](https://msdn.microsoft.com/en-us/library/jj676915.aspx). Because many IE browser vulnerabilities are only present in legacy document modes, removing support for document modes significantly reduces attack surface, making the browser much more secure than before. However, it also means that it’s not as backward compatible. Because of the reduced backward compatibility, we’ve given Microsoft Edge the ability to automatically fall back to Internet Explorer 11, using the Enterprise Mode Site List, for any apps that need backward compatibility. 
-### Code integrity and image loading restrictions +#### Code integrity and image loading restrictions Microsoft Edge content processes support code integrity and image load restrictions, helping to prevent malicious DLLs from loading or being injected into the content processes. Only [properly signed images](https://blogs.windows.com/msedgedev/2015/11/17/microsoft-edge-module-code-integrity/) are allowed to load into Microsoft Edge. Binaries on remote devices (such as, UNC or WebDAV) can’t be loaded. -### Memory corruption mitigations +#### Memory corruption mitigations Memory corruption happens most frequently to apps written in C or C++ because those languages don’t provide type safety or buffer overflow protection. Broadly speaking, memory corruption attacks happen when an attacker provides malformed input to a program and the program can’t handle it, corrupting the program’s memory state and allowing the attacker to take control of the program. Over the years, a broad variety of mitigations have been created around memory corruption, but even as these mitigations roll out, attackers adapt and invent new ways to attack. At the same time, we’ve responded with new memory safety defenses, mitigating the most common new forms of attack, including and especially [use-after-free (UAF)](http://cwe.mitre.org/data/definitions/416.html) vulnerabilities. -#### Memory Garbage Collector (MemGC) mitigation -MemGC is a memory garbage collection system that helps to defend the browser from UAF vulnerabilities by taking the responsibility for freeing memory away from the programmer and instead automating it, only freeing memory when the automation detects that there are no more references left pointing to a given block of memory. +##### Memory Garbage Collector (MemGC) mitigation +MemGC is the replacement for Memory Protector, currently turned on for both Microsoft Edge on Windows 10 and Internet Explorer 11 on Windows 7 and newer operating systems. 
MemGC is a memory garbage collection system that helps to defend the browser from UAF vulnerabilities by taking the responsibility for freeing memory away from the programmer and instead automating it, only freeing memory when the automation detects that there are no more references left pointing to a given block of memory. -**Note**
MemGC is the replacement for Memory Protector, currently turned on for both Microsoft Edge on Windows 10 and Internet Explorer 11 on Windows 7 and newer. - -#### Control Flow Guard +##### Control Flow Guard Ultimately, attackers use memory corruption attacks to gain control of the CPU program counter so that they can jump to any code location they want. Control Flow Guard is a Microsoft Visual Studio technology that compiles checks around code that performs indirect jumps based on a pointer, restricting those jumps to only go to function entry points with known addresses. This makes attacker take-overs much more difficult by severely constraining where a memory corruption attack can jump to. -**Note**
Control Flow Guard is always turned on for Microsoft Edge. - -### Designed for security +#### Designed for security We’ve spent countless hours reviewing, testing, and using Microsoft Edge to make sure that you’re more protected than ever before. -#### Fuzzing/Static Analysis +##### Fuzzing/Static Analysis We’ve devoted more than 670 machine-years to fuzz testing Microsoft Edge and Internet Explorer during product development, including monitoring for possible exceptions such as crashes or memory leaks. We’ve also generated more than 400-billion DOM manipulations from 1-billion HTML files. Because of all of this, hundreds of security issues were addressed before the product shipped. -#### Code Review & Penetration Testing +##### Code Review & Penetration Testing Over 70 end-to-end security engagements reviewed all key features, helping to address security implementation and design issues before shipping. - -#### Windows REDTEAM -The Windows REDTEAM emulates the techniques and expertise of skilled, real-world attackers. Exploited Microsoft Edge vulnerabilities discovered through penetration testing can be addressed before public discovery and real-world exploits. -#### Bug Bounty Programs -Despite all of our best efforts, we realize that there will be security vulnerabilities in Microsoft Edge that we don’t yet know about. To minimize customer impact, we offer ongoing bounty programs intended to incent security researchers to report vulnerabilities to us. If you’re a security researcher and you’re interested in the bounty program, you can find more info [here](https://technet.microsoft.com/en-us/library/dn425036.aspx). +##### Windows REDTEAM +The Windows REDTEAM emulates the techniques and expertise of skilled, real-world attackers. Exploited Microsoft Edge vulnerabilities discovered through penetration testing can be addressed before public discovery and real-world exploits. From bc3ebb7e5f89811fa1594cea437fc48e5991cd24 Mon Sep 17 00:00:00 2001 
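Review bot: the Bug Bounty Programs subsection is removed outright (the `-#### Bug Bounty Programs` heading and its paragraph with the link to the bounty program page) while every neighbouring subsection is only re-levelled from `####` to `#####`; if the intent was just to change heading depth, restore it as `##### Bug Bounty Programs` after the re-added Windows REDTEAM block, otherwise the commit message should say why it was dropped. In the extensions paragraph, the replaced line `-If you still want to have more extensibility beyond what's provided by HTML5, ...` also carried the sentence `Extensions can be disabled through [Group Policy or Mobile Data Management (MDM)](https://technet.microsoft.com/itpro/microsoft-edge/available-policies) policies.`, which is the only administrative-control statement on the page; the new `+Based on that learning, ...` line keeps the developer pointer but loses it, so consider appending that sentence. Minor: the unchanged Reduced attack surfaces paragraph spells `Jscript` where the rest of the topic uses `JScript`.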
From: LizRoss Date: Mon, 13 Jun 2016 12:46:58 -0700 Subject: [PATCH 8/8] Updated for new security topic --- browsers/edge/change-history-for-microsoft-edge.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/browsers/edge/change-history-for-microsoft-edge.md b/browsers/edge/change-history-for-microsoft-edge.md index 1a79a97be1..60e52629df 100644 --- a/browsers/edge/change-history-for-microsoft-edge.md +++ b/browsers/edge/change-history-for-microsoft-edge.md @@ -9,6 +9,11 @@ ms.sitesec: library # Change history for Microsoft Edge This topic lists new and updated topics in the Microsoft Edge documentation for both Windows 10 and Windows 10 Mobile. +## June 2016 +|New or changed topic | Description | +|----------------------|-------------| +|[Security enhancements for Microsoft Edge](security-enhancements-microsoft-edge.md) |New | + ## May 2016 |New or changed topic | Description |