Windows 10 Anniversary Update thwarted zero-day exploits last year prior to release of patches

By: Jay Decenella

Security is Microsoft’s main selling point for the latest version of its desktop operating system. The software giant is now reiterating that it is serious about that goal by showing how, at some point in 2016, it thwarted some zero-day exploits before patches became available.

The Microsoft Malware Protection Center team illustrated how the latest Windows 10 security features defeated two zero-day vulnerabilities in November 2016 even before Microsoft patched those flaws. Those security features were part of the Anniversary Update that Microsoft rolled out last summer.

Microsoft said that it tested the exploits against mitigation techniques released in August 2016. The goal was to demonstrate how those techniques might mitigate future zero-day exploits that have the same traits. The Redmond company said in a blog post:

“A key takeaway from the detonation of zero-day exploits is that each instance represents a valuable opportunity to assess how resilient a platform can be — how mitigation techniques and additional defensive layers can keep cyberattacks at bay, while vulnerabilities are being fixed and patches are being deployed. Because it takes time to hunt for vulnerabilities and it is virtually impossible to find all of them, such security enhancements can be critical in preventing attacks based on zero-day exploits.”

Microsoft also said it demonstrated how exploit mitigation techniques in the Windows 10 Anniversary Update neutralized exploit methods in addition to the specific exploits themselves. This reduced the attack surface that would have paved the way for future zero-day exploits.

More specifically, the team examined two kernel-level exploits that advanced persistent threat group STRONTIUM used to attempt to attack Windows 10 users. The first exploit is tracked as CVE-2016-7255; Microsoft detected it in October 2016 as part of a spear-phishing campaign that targeted think tanks and nongovernmental organizations in the U.S. The APT group combined the bug with an Adobe Flash Player flaw, a common ingredient in many attacks.

The second exploit is tracked as CVE-2016-7256, an OpenType font elevation-of-privilege exploit that surfaced as part of the attacks against South Korean victims in June 2016. Both exploits escalated privileges. The Windows 10 security techniques that came with the Anniversary Update blocked both threats.
