deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 18:33:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Updated based on tech reviews

Browse Source
This commit is contained in:
LizRoss
2016-05-26 09:39:48 -07:00
parent c5f4af2afb
commit f76f61bccb
1 changed files with 17 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
browsers/edge/security-enhancements-microsoft-edge.md
View File

@ -41,31 +41,32 @@ Microsoft Edge has a new rendering engine, Microsoft EdgeHTML, which is focused
The Microsoft EdgeHTML engine also helps to defend against trickery through these new security standards features:
- Support for the W3C standard and the [Content Security Policy (CSP) specification](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/security/content-Security-Policy). Both of which can help developers defend against cross-site scripting attacks.
- Support for the W3C standard for [Content Security Policy (CSP)](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/security/content-Security-Policy), which can help web developers defend their sites against cross-site scripting attacks.
- Support for the [HTTP Strict Transport Security (HSTS)](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/security/HSTS/) security feature (IETF-standard compliant). This helps ensure that connections to important sites, such as to your bank, are always secured.
**Note**<br>
Both Microsoft Edge and Internet Explorer 11 support HSTS.
- Support for the [Meta referrer](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/security/meta-referrer/) tag, which specifies what info should be passed through the HTTP header to any request sent from a webpage.
## Help against hacking
While Microsoft Edge has done much to help defend against trickery, its also undergone a major overhaul of the DOM representation in the browsers memory, allowing the code to be more resistant to attacks that attempt to subvert the browser, like in many hacking attempts.
### Microsoft Edge is now a 64-bit app
The largest security change to Microsoft Edge is that weve made it a Universal Windows app. By changing the browser to an app, it fundamentally changes the process model so that both the outer manager process and the assorted content processes all live within AppContainer sandboxes; providing reliable and trustworthy behavior along with additional isolation and protection from outside attacks.
The largest security change to Microsoft Edge is that it's designed like a Universal Windows app. By changing the browser to an app, it fundamentally changes the process model so that both the outer manager process and the assorted content processes all live within AppContainer sandboxes; helping to provide the user and the platform with the [confidence](http://blogs.msdn.com/b/b8/archive/2012/05/17/delivering-reliable-and-trustworthy-metro-style-apps.aspx) provided by other Windows store apps.
Additionally, Microsoft Edge has been updated to run in 64-bit not just by default, but anytime its running on a 64-bit operating system. Because Microsoft Edge doesnt support legacy ActiveX controls or 3rd-party binary extensions, theres no longer a reason to run 32-bit processes on a 64-bit system.
#### 64-bit processes and Address Space Layout Randomization (ASLR)
Strengthening Windows Address Space Layout Randomization (ASLR) provides significant advantages to 64-bit processes in general, and browser processes specifically, making it much more difficult for attackers to inject malicious code into a browser process through a coding exploit.
ASLR randomizes the memory layout of the browser processes, making it much harder for attackers to hit precise memory locations. In turn, 64-bit processes make ASLR much more effective by making the address space exponentially larger and, therefore, more difficult for attackers to find the sensitive memory components theyre looking for.
### All web content runs in an AppContainer sandbox
#### All web content runs in an app container sandbox
Internet Explorer 7 on Windows Vista was the first web browser to provide a browsing sandbox, called [Protected Mode](http://windows.microsoft.com/en-US/windows-vista/What-does-Internet-Explorer-protected-mode-do). Protected Mode forced the part of the browser that rendered web content to run with less privilege than the browser controls or the user, providing a level of isolation and protection should a malicious website attempt to exploit a bug in the browser or one of its plug-ins.
Internet Explorer 10 introduced Enhanced Protected Mode (EPM), based on the Windows 8 technology, providing an even stronger sandbox, using deny-by-default and no-read-up semantics. EPM was turned on by default in the Windows 8 and Windows 8.1 immersive browser, but was optional on the Internet Explorer 10 and Internet Explorer 11 desktop versions.
Internet Explorer 10 introduced Enhanced Protected Mode (EPM), based on the Windows 8 app container technology, providing an even stronger sandbox by adding deny-by-default and no-read-up semantics. EPM was turned on by default in the Windows 8 and Windows 8.1 immersive browser, but was optional on the Internet Explorer 10 and Internet Explorer 11 desktop versions.
Microsoft Edge takes EPM even farther, running its content processes in AppContainers not just by default, but all of the time. Because Microsoft Edge doesnt support 3rd party binary extensions, theres no reason for it to run outside of the containers, ensuring that Microsoft Edge is more secure.
Microsoft Edge takes the sandbox even farther, running its content processes in app containers not just by default, but all of the time. Because Microsoft Edge doesnt support 3rd party binary extensions, theres no reason for it to run outside of the containers, ensuring that Microsoft Edge is more secure.
#### 64-bit processes and Address Space Layout Randomization (ASLR)
We've updated Microsoft Edge to run in 64-bit not just by default, but anytime its running on a 64-bit operating system. Because Microsoft Edge doesnt support legacy ActiveX controls or 3rd-party binary extensions, theres no longer a reason to run 32-bit processes on a 64-bit system.
The value of running 64-bit all the time is that it strengthens Windows Address Space Layout Randomization (ASLR). ASLR randomizes the memory layout of the browser processes, making it much harder for attackers to hit precise memory locations. In turn, 64-bit processes make ASLR much more effective by making the address space exponentially larger and, therefore, more difficult for attackers to find the sensitive memory components theyre looking for.
### New extension model and HTML5 support
Back in 1996, we introduced ActiveX for web browser extensions in an attempt to let 3rd parties experiment with various forms of alternate content on the web. However, we quickly learned that browser extensions can come at a cost of security and reliability. For example, binary extensions can bring code and data into the browsers processes without any protection, meaning that if anything goes wrong, the entire browser itself can be compromised or go down.
@ -75,15 +76,15 @@ Our answer to this problem was to create an extension model with fewer shared st
If you still want to have more extensibility beyond whats provided by HTML5, you can see the [Microsoft Edge Extensions](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/extensions/) documentation for a modern, HTML/JS/CSS-based extension model. Extensions can be disabled through [Group Policy or Mobile Data Management (MDM)](https://technet.microsoft.com/itpro/microsoft-edge/available-policies) policies.
### Reduced attack surfaces
In addition to removing support for VBScript, Jscript, VML, Browser Helper Objects, Toolbars, and ActiveX controls, Microsoft Edge also has no support for legacy Internet Explorer [document modes](https://msdn.microsoft.com/en-us/library/jj676915.aspx). Having a significantly reduced attack surface means that the browser is much more secure than before. However, it also means that its not as backward compatible as before.
In addition to removing support for VBScript, Jscript, VML, Browser Helper Objects, Toolbars, and ActiveX controls, Microsoft Edge also removed support for legacy Internet Explorer [document modes](https://msdn.microsoft.com/en-us/library/jj676915.aspx). Because many IE browser vulnerabilities are only present in legacy document modes, removing support for document modes significantly reduces attack surface, making the browser much more secure than before. However, it also means that its not as backward compatible.
Because of the reduced backward compatibility, weve given Microsoft Edge the ability to automatically fall back to Internet Explorer 11, using the Enterprise Mode Site List, for any apps that need backwards compatibility.
Because of the reduced backward compatibility, weve given Microsoft Edge the ability to automatically fall back to Internet Explorer 11, using the Enterprise Mode Site List, for any apps that need backward compatibility.
### Code integrity and image loading restrictions
Microsoft Edge content processes support code integrity and image load restrictions, helping to prevent malicious DLLs from loading or being injected into the content processes. Only [properly signed images](https://blogs.windows.com/msedgedev/2015/11/17/microsoft-edge-module-code-integrity/) are allowed to load into Microsoft Edge. Binaries on remote devices (such as, UNC or WebDAV) cant be loaded.
### Memory corruption mitigations
Memory corruption happens most frequently to apps written in C or C++ because those languages dont provide type safety or buffer overflow protection. Broadly speaking, memory corruption attacks happen when an attacker provides malformed info to a program and the program cant handle it, causing the programs memory state to corrupt and to allow the attacker to take control of the program.
Memory corruption happens most frequently to apps written in C or C++ because those languages dont provide type safety or buffer overflow protection. Broadly speaking, memory corruption attacks happen when an attacker provides malformed input to a program and the program cant handle it, corrupting the programs memory state and allowing the attacker to take control of the program.
Over the years, a broad variety of mitigations have been created around memory corruption, but even as these mitigations roll out, attackers adapt and invent new ways to attack. At the same time, weve responded with new memory safety defenses, mitigating the most common new forms of attack, including and especially [use-after-free (UAF)](http://cwe.mitre.org/data/definitions/416.html) vulnerabilities.
@ -101,7 +102,7 @@ Ultimately, attackers use memory corruption attacks to gain control of the CPU p
Weve spent countless hours reviewing, testing, and using Microsoft Edge to make sure that youre more protected than ever before.
#### Fuzzing/Static Analysis
Weve devoted more than 320 machine-years to fuzz testing Microsoft Edge and Internet Explorer during product development, including monitoring for possible exceptions such as crashes or memory leaks. Weve also generated more than 100-billion DOM manipulations from 230-million non-unique HTML files. Thats a 3x scale increase over previous product testing. Because of all of this, hundreds of security issues were addressed before the product shipped.
Weve devoted more than 670 machine-years to fuzz testing Microsoft Edge and Internet Explorer during product development, including monitoring for possible exceptions such as crashes or memory leaks. Weve also generated more than 400-billion DOM manipulations from 1-billion HTML files. Because of all of this, hundreds of security issues were addressed before the product shipped.
#### Code Review & Penetration Testing
Over 70 end-to-end security engagements reviewed all key features, helping to address security implementation and design issues before shipping.