Microsoft beefs up memory protections in IE 10
Summary: Microsoft's newest Internet Explorer 10 browser contains two new anti-exploit mitigations -- High Entropy Address Space Layout Randomization (HEASLR) and ForceASLR.
Microsoft has boosted the memory protections in its flagship web browser as part of an effort to make it tougher for hackers to exploit security vulnerabilities.
Microsoft's newest Internet Explorer 10 browser, currently available as a consumer preview, contains two new anti-exploit mitigations -- High Entropy Address Space Layout Randomization (HEASLR) and ForceASLR -- and significant improvements to existing memory protection technologies.
According to Forbes Higman, Security Program Manager on the IE team, the new and enhanced mitigations "will increase the difficulty and development cost of exploits, making life harder for the bad guys."
Here's a brief explanation of the new memory protections in IE 10:
- High Entropy Address Space Layout Randomization (HEASLR) takes advantage of the increase in 64bit address space and assigns more bits to entropy. This has the effect of drastically increasing the number of potential addresses that may be assigned to a 64bit process. All 64bit processes can opt-in to the increased entropy made available by HEASLR. Processes can opt-in either at link time (/HIGHENTROPYVA) or at load time via a new Image File Execution Option. By default, the Metro style browser runs in 64bit mode on 64bit computers, providing a much larger address space and thus more random memory layout.
- ForceASLR is arguably the most important change to ASLR in Windows 8. ForceASLR is a new loader option used by Internet Explorer 10 to instruct the operating system to randomize the location of all modules loaded by the browser, even if a given module was not compiled with the /DYNAMICBASE flag. The ForceASLR protection was added to the Windows 8 kernel, and the feature is now available as an update to Windows 7 that will be installed when Internet Explorer 10 is installed on that platform. To help ensure compatibility with this feature, and to provide memory-randomization protection to older Internet Explorer versions that don’t support ForceASLR, we continue to recommend that add-on developers make use of the /DYNAMICBASE flag.
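An added example (not from the article or from Microsoft): a Python check an add-on developer or defender could run to see whether a module opted in to /DYNAMICBASE and /HIGHENTROPYVA, by reading the DllCharacteristics field of its PE header. The `make_sample` and `needs_force_aslr` helpers and the header bytes are constructed for the demo; the flag values and field offsets come from the PE/COFF specification.

```python
import struct

DYNAMIC_BASE = 0x0040     # DllCharacteristics bit set by /DYNAMICBASE
HIGH_ENTROPY_VA = 0x0020  # DllCharacteristics bit set by /HIGHENTROPYVA

def aslr_flags(image: bytes) -> dict:
    """Read the ASLR opt-in bits from a PE image's optional header."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)        # e_lfanew
    if pe_off + 24 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)
    opt = pe_off + 24                                        # optional header start
    if opt_size < 72 or opt + 72 > len(image):
        raise ValueError("optional header truncated")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):                          # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics is at offset 70 in both PE32 and PE32+.
    (chars,) = struct.unpack_from("<H", image, opt + 70)
    is64 = magic == 0x20B
    return {
        "pe32plus": is64,
        "dynamic_base": bool(chars & DYNAMIC_BASE),
        # The high-entropy bit only has meaning for 64-bit images.
        "high_entropy_va": is64 and bool(chars & HIGH_ENTROPY_VA),
    }

def needs_force_aslr(modules: dict) -> list:
    """Names of modules that are randomized only if the loader forces it."""
    return sorted(n for n, img in modules.items()
                  if not aslr_flags(img)["dynamic_base"])

def make_sample(magic: int, chars: int) -> bytes:
    """Constructed minimal PE header (not a loadable binary) for the demo."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0xF0, 0x22)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    mods = {"hardened.dll": make_sample(0x20B, 0x0160),   # constructed samples
            "legacy_addon.dll": make_sample(0x10B, 0x0100)}
    for name, img in mods.items():
        print(name, aslr_flags(img))
    print("relies on ForceASLR:", needs_force_aslr(mods))
```

To audit real files, pass `open(path, "rb").read()` to `aslr_flags`; the first few hundred bytes of the file are enough.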
Microsoft believes these protection technologies can provide a front line of defense to block malicious attackers. "These technologies exist to make exploiting vulnerabilities more difficult, less reliable, and in some cases impossible. Memory protections aim to safely terminate a browser process under attack before a vulnerability can be successfully exploited to run the attacker’s code. In many cases, protections allow vendors time to produce and distribute a fix before a vulnerability can be exploited to cause damage," Higman said.
Talkback
ForceASLR: This is probably the smartest move I've seen thus far.
Innovative High Entropy Address Space Layout Randomization
I wouldn't classify it as next gen stuff.
And what's gonna happen...
We can venture to guess...
It took Apple close to a decade to partially implement ASLR
Couldn't MS implement HEASLR with just a native 64 bit browser?
Except it's not..
HEASLR is just Microsoft's way of saying "Our old ASLR was weak and we are just now going to make it use the full address space of the 64 bit CPU."
Wow!
Fascinating...
This is really upside down.. and I was still thinking how brilliant their reliability monitor was.. only possible at Microsoft.. tssk, tssk.. Derp!
Really?
Well, that's exactly where the hurting lies
You misread the article
IE 10 x64 only tells Windows "go ahead and use HEASLR, it won't confuse me".