System protection is, and always will be, a top concern for everyone involved, since many attackers will try to exploit weaknesses in software. Well-designed security measures can stop them, though: Microsoft’s Windows 10 recently managed to block some zero-day threats without even being patched against them.
Elia Florio and Matt Oh, of Microsoft’s Windows Defender ATP research team, recently published an extensive post to educate people about zero-day threats and about a countermeasure Microsoft put in place that seems to have worked. The countermeasure is referred to as zero-day exploit mitigation and was made part of the Windows Anniversary Update.
In the most recent case, the group Strontium was behind a series of attacks back in October that used the CVE-2016-7255 vulnerability. The attacks were against targets from the US and combined a Microsoft Windows 10 vulnerability with a Flash Player back door. The attackers tried to gain access and compromise sensitive information, but that didn’t happen because the zero-day mitigation systems put in place by Microsoft stopped them from getting past the second phase.
If you experienced a BSOD in that time period, this might have been the reason. However, a BSOD is the only damage attackers were able to do to targets. There is also an explanation of how Windows was able to fend off the threat: it seems that the mitigations used by the developer rely on additional checking of length fields and on securing virtual address ranges so that they can’t be used for read-write (RW) primitives.