Remote Code Execution or RCE has been one of the most preferred methods by hackers to infiltrate a network/machines. In simple words, Remote Code Execution occurs when an attacker exploits a bug in the system and introduces malware. The malware will exploit the vulnerability and help the attacker execute codes remotely. This is akin to actually handing over the control of your entire PC to someone else with all admin privileges.
Remote Code Execution attacks
It’s common for modern browser exploits to attempt to transform a memory safety vulnerability into a method of running arbitrary native code on a target device. This technique is most preferred since it allows the attackers to accomplish their means with the least resistance.
Steps to safeguard from Remote Code Execution
Microsoft has been fighting against the problem of web browser vulnerabilities by laying out a systematic approach that aims to eliminate the entire class of vulnerabilities. The first step is to think like a hacker and try to deduce the steps that have been used to exploit the vulnerabilities. This gives us more control and will also help us shield the attack better. The vulnerability classes are eliminated by reducing the attack surface and detecting specific mitigation patterns.
Break the Techniques and Contain damage
As we explained earlier in order to combat the attackers one needs to think like a hacker and try to deduce his techniques. That said it is safe to presume that we won’t be able to break all of the techniques and the next step is to contain the damage on a device once the vulnerability is exploited.
This time around the tactics can be directed at the attack surface which is accessible from code that is running within Microsoft Edge’s browser sandbox. A Sandbox is a secure environment in which the apps can be tested.
Limit the windows of opportunity
Now, this is sort of a contingency plan considering that all the other methods have failed one needs to limit the window of opportunity for the attackers by using powerful and efficient tools. One can also report the incident at Microsoft Security Response Center and can use other technologies including Windows Defender and SmartScreen which are usually effective in blocking malicious URLs. CIG and ACG together prove to be extremely effective in handling the exploits. What this means is that hackers should now devise new ways which can circumvent the layer of security provided by CIG and ACG.
Arbitrary Code Guard & Code Integrity Guard
Microsoft battles the exploits with ACG (Arbitrary Code Guard) and CIG (Code Integrity Guard) both of which help combat the loading of malicious code into memory. Microsoft Edge is already using the technologies like ACG and CIG to avoid hacking attempts
In case you are a developer, there are many ways in which you can safeguard your code against such exploits. Ensure that your code adheres to the bounds of data buffers and also ensure that you don’t trust the users when it comes to giving out their data. Always try to assume the worst case scenario and build the program such that it can handle it, in other words, it’s always better to be a defensive programmer.
Read: Attack Surface Reduction feature in Windows Defender.
Leave a Reply