The Windows Club

Remote Code Execution attacks and Prevention steps

Remote Code Execution or RCE has been one of the most preferred methods by hackers to infiltrate into a network/machines. In simple words, Remote Code Execution occurs when an attacker exploits a bug in the system and introduces a malware. The malware will exploit the vulnerability and help the attacker execute codes remotely. This is akin to actually handing over the control of your entire PC to someone else with all admin privileges.

Remote Code Execution

It’s common for modern browser exploits to attempt to transform a memory safety vulnerability into a method of running arbitrary native code on a target device. This technique is most preferred since it allows the attackers to accomplish their means with least resistance.

Steps to safeguard from Remote Code Execution

Microsoft has been fighting against the problem of web browser vulnerabilities by laying out a systematic approach that aims at eliminating the entire class of vulnerabilities. The first step is to think like a hacker and try to deduce the steps that have been used to exploit the vulnerabilities. This gives more control to us and will also help us shield the attack in a better way. The classes of vulnerability are eliminated by reducing attack surface and by detecting specific mitigation patterns.

Break the Techniques and Contain damage

As we explained earlier in order to combat the attackers one needs to think like a hacker and try to deduce his techniques. That said it is safe to presume that we won’t be able to break all of the techniques and the next step is to contain damage on a device once the vulnerability is exploited.

This time around the tactics can be directed at the attack surface which is accessible from code which is running within Microsoft Edge’s browser sandbox. A Sandbox is a secure environment in which the apps can be tested.

Limit the windows of opportunity

Now, this is sort of a contingency plan considering that all the other methods have failed one needs to limit the window of opportunity for the attackers by using powerful and efficient tools. One can also report the incident at Microsoft Security Response Center and can use other technologies including Windows Defender and SmartScreen which are usually effective in blocking malicious URLs. CIG and ACG together prove to be extremely effective in handling the exploits. What this means is that hackers should now devise new ways which can circumvent the layer of security provided by CIG and ACG.

Arbitrary Code Guard & Code Integrity Guard

Microsoft battles the exploits with ACG (Arbitrary Code Guard) and CIG (Code Integrity Guard) both of which help combat the loading of malicious code into memory. Microsoft Edge is already using the technologies like ACG and CIG to avoid hacking attempts

In case you are a developer, there are many ways in which you can safeguard your code against such exploits. Ensure that your code adheres to the bounds of data buffers and also ensure that you don’t trust the users when it comes to giving out their data. Always try to assume the worst case scenario and build the program such that it can handle it, in other words, it’s always better to be a defensive programmer.