|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
Substantial security improvements coming to Microsoft Edge
I’m as skeptical as the next guy – moreso, actually – but I’m impressed by the security enhancements planned for the next version of Edge.
Matt Miller has an overview here.
Part 2 should be out shortly.
Long and short of it:
Most modern browser exploits attempt to transform a memory safety vulnerability into a method of running arbitrary native code on a target device. This technique is prevalent because it provides the path of least resistance for attackers by enabling them to flexibly and uniformly stage each phase of their attack. For defenders, preventing arbitrary native code execution is desirable because it can substantially limit an attacker’s range of freedom without requiring prior knowledge of a vulnerability. To this end, Microsoft Edge in the Creators Update of Windows 10 leverages Code Integrity Guard (CIG) and Arbitrary Code Guard (ACG) to help break the most universal primitive found in modern web browser exploits: loading malicious code into memory.
I don’t know how quickly the bad guys will be able to break CIG and ACG, but if they hold up as long as ASLR, it’ll be a significant improvement.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Clock missing above calendar in Windows 10
by 2 minutes ago
-
Formula to Calculate Q1, Q2, Q3, or Q4 of the Year?
by 2 hours, 58 minutes ago
-
The time has come for AI-generated art
by 9 hours, 25 minutes ago
-
Hackers are using two-factor authentication to infect you
by 3 hours, 26 minutes ago
-
23 and you
by 9 hours, 27 minutes ago
-
April’s deluge of patches
by 25 minutes ago
-
Windows 11 Windows Updater question
by 1 hour, 41 minutes ago
-
Key, Key, my kingdom for a Key!
by 1 day ago
-
Registry Patches for Windows 10
by 1 day, 5 hours ago
-
Cannot get line length to NOT wrap in Outlining in Word 365
by 11 hours, 39 minutes ago
-
DDU (Display Driver Uninstaller) updates
by 22 hours, 27 minutes ago
-
Align objects on a OneNote page
by 1 day, 10 hours ago
-
OneNote Send To button?
by 1 day, 11 hours ago
-
WU help needed with “Some settings are managed by your organization”
by 1 day, 19 hours ago
-
No Newsletters since 27 January
by 25 minutes ago
-
Linux Mint Debian Edition 7 gets OEM support, death of Ubuntu-based Mint ?
by 20 hours, 22 minutes ago
-
Windows Update “Areca Technology Corporation – System – 6.20.0.41”
by 19 hours, 2 minutes ago
-
Google One Storage Questions
by 3 hours, 1 minute ago
-
Button Missing for Automatic Apps Updates
by 10 hours, 16 minutes ago
-
Ancient SSD thinks it’s new
by 1 day ago
-
Washington State lab testing provider exposed health data of 1.6 million people
by 2 days, 10 hours ago
-
WinRE KB5057589 fake out
by 9 minutes ago
-
The April 2025 Windows RE update might show as unsuccessful in Windows Update
by 1 day, 18 hours ago
-
Firefox 137
by 21 hours, 22 minutes ago
-
Whisky, a popular Wine frontend for Mac gamers, is no more
by 2 days, 23 hours ago
-
Windows 11 Insider Preview build 26120.3863 (24H2) released to BETA
by 2 days, 23 hours ago
-
Windows 11 Insider Preview build 26200.5551 released to DEV
by 2 days, 23 hours ago
-
New Windows 11 PC setup — can I start over in the middle to set up a local id?
by 1 day, 19 hours ago
-
Windows 11 Insider Preview Build 26100.3902 (24H2) released to Release Preview
by 3 days, 2 hours ago
-
Oracle kinda-sorta tells customers it was pwned
by 3 days, 8 hours ago
Remembering Woody
