Microsoft Cracks Down on Toolbars, Unsigned DLLs with Edge Update


Microsoft claims a recent update to Edge prevents the loading of unsigned DLLs without consent, something that should make it more difficult for an attacker to compromise the browser.

The security community rejoiced when Microsoft announced earlier this year that it would strip maligned extensions such as ActiveX and VBScript, which are often abused in attacks, from its new Edge browser.

Now the company claims a recent update to the browser prevents the loading of unsigned DLLs without consent, something that should make it more difficult for an attacker to compromise Edge.

In addition to hardening the browser against attacks, the update should speed up Edge and stop unwanted binary extensions and software from running, crashing, or tainting search results with malware.

Crispin Cowan, a senior program manager at the company, wrote about the changes in a post to the Microsoft Edge Development blog Tuesday.

It turns out that when the company pushed an update for Windows 10 last week, it upgraded the rendering engine that powers the browser to “EdgeHTML 13,” which brings kernel-level protection against code injection. Going forward, the mechanism should block DLL injection into the browser unless the components are signed by Microsoft or by Windows Hardware Quality Lab (WHQL), Cowan claims.

By enforcing code integrity within the kernel rather than inside the browser process, the company claims, ad injectors will not be able to turn off the integrity check, something an attacker could otherwise disable.
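To see which modules such a policy would affect on a given machine, the following added example (not code from Microsoft or from the blog post) lists DLLs loaded in the browser processes that lack a valid Microsoft signature. The process names `MicrosoftEdge` and `MicrosoftEdgeCP` and the subject-string match are assumptions; the kernel check evaluates signing levels, so this user-mode audit only approximates it.

```powershell
# Added example: user-mode audit of modules loaded in browser processes.
# It approximates the "Microsoft or WHQL signed" rule by checking for a valid
# Authenticode signature whose signer subject names Microsoft Corporation.
param(
    # Assumption: process names used by the EdgeHTML-based Edge on Windows 10.
    [string[]]$ProcessName = @('MicrosoftEdge', 'MicrosoftEdgeCP')
)

function Test-MicrosoftSigned {
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    # Reject unsigned, tampered, or untrusted files outright.
    if ($sig.Status -ne 'Valid') { return $false }
    # Heuristic: WHQL and first-party signer certificates both carry this O= value.
    return $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation'
}

$cache = @{}   # path -> result, so each DLL is verified only once
$findings = foreach ($proc in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
    try {
        $modules = $proc.Modules
    } catch {
        # Protected or exited processes can refuse module enumeration.
        Write-Warning "Cannot enumerate modules of PID $($proc.Id): $($_.Exception.Message)"
        continue
    }
    foreach ($m in $modules) {
        $path = $m.FileName
        if (-not $path) { continue }
        if (-not $cache.ContainsKey($path)) {
            $cache[$path] = Test-MicrosoftSigned -Path $path
        }
        if (-not $cache[$path]) {
            [pscustomobject]@{
                ProcessId = $proc.Id
                Process   = $proc.ProcessName
                Module    = $path
            }
        }
    }
}

# An empty result means every enumerated module passed the check.
$findings | Format-Table -AutoSize
```

Any row in the output is a module worth investigating as a possible injected toolbar, ad injector, or other third-party component.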

“The attacker is trying to colonize the browser, and loading DLLs provides the attacker with a handy cargo pallet full of supplies. Blocking unauthorized DLL injection makes browser exploits more difficult and more expensive for attackers to carry out,” Cowan said, adding that his team has already seen the change in Edge work wonders for beta users.

“From a sample of about 65,000 Windows Insider users… module code integrity protected 2704 users from attempts to load adware and malware,” Cowan said.

When Microsoft first announced Edge back in May, it claimed the browser would have a handful of hidden, built-in security features. The browser boasts two features that protect against memory corruption attacks, MemGC and Control Flow Guard, but it was the absence of support for VML, VBScript, toolbars, BHOs, and ActiveX that really piqued the interest of security professionals.
