Microsoft has had enough challenges in getting people to adopt its Edge browser. Despite a major push, including pop-ups in Windows 10 encouraging people to try it, its market share remains stubbornly in the single digits.
The events of a few days ago won't help. At this year's Pwn2Own contest, held alongside the CanSecWest conference in Vancouver, where major pieces of software are put up against working exploits, Edge fared worst of the browsers and was successfully exploited at least five times.
Left a little red-faced, the company has now vowed to improve the security of its browser's sandbox. In a new blog post, Microsoft explained how attackers have been able to pull off remote code execution (RCE) through Edge and what the sandbox is meant to contain, and it promised a hardened Edge sandbox in the Windows 10 Creators Update, which is reportedly due in April.
The work itself must predate Pwn2Own: the Creators Update is in its final stages of testing, at or near release-candidate quality, and Microsoft is certainly not adding new features to it now.
Because Edge does not support ActiveX, it can run inside a sandbox at all times, which reduces what is known as the browser's attack surface. The browser is split across multiple app containers, each of them sandboxed. As Microsoft's Crispin Cowan explains:
One of the most effective ways to eliminate vulnerabilities in complex applications is to minimize the amount of code that an attacker can try to find vulnerabilities in. This is often referred to as attack surface reduction and it is a key tactic in our overall security strategy. To this end, Microsoft Edge in the Creators Update of Windows 10 has significantly reduced the attack surface of the sandbox by configuring the app container to further reduce its privilege.
In practice, the Edge app container is now locked down far more tightly than a default app container, and several of the broker processes that the sandboxed content processes call into for privileged operations have themselves been moved into tuned, less-privileged app containers, so that compromising a broker buys an attacker less than it did.
With these improvements, Microsoft claims the reduced sandbox attack surface now shows:
- 100% reduction in access to mutexes. Access to a mutex lets a process lock up a shared resource and hang whatever else depends on it.
- 90% reduction in access to WinRT and DCOM APIs. This is the big win, dramatically cutting Edge's exposure to the WinRT API set.
- 70% reduction in access to events and symlinks. Symlinks are especially interesting because they are a staple of bait-and-switch sandbox escapes: a sandboxed process that can create a symbolic link can redirect a path that a more privileged broker later opens, so the broker performs the privileged operation on the attacker's behalf.
- 40% reduction in access to devices. Windows supports a great many device drivers, and their quality is somewhat beyond Microsoft's control. The tuned sandbox cuts off access to any device that Edge does not explicitly need, preventing attackers from using driver vulnerabilities to escape, or from abusing the devices themselves.
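A practitioner reading the above will want to verify, rather than take on trust, that a given Edge process actually runs in an AppContainer, at Low integrity, and with only a handful of capabilities. The script below is an added example and is not code from Microsoft's post or from Edge itself; it uses P/Invoke into the real Win32 token APIs (OpenProcessToken, GetTokenInformation, ConvertSidToStringSid) from Windows PowerShell, and it assumes the EdgeHTML-era process names MicrosoftEdge and MicrosoftEdgeCP (pass other names to probe any process). It does not show which WinRT, DCOM, mutex or device objects a container can reach; that requires object-namespace tooling beyond a token query.

```powershell
# Added example (not Microsoft's or Edge's code): probe process tokens to confirm
# AppContainer sandboxing, report integrity level and list capability SIDs.
# Windows only; process names below are assumptions for EdgeHTML-era Edge.
if (-not ('TokenProbe' -as [type])) {
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class TokenProbe {
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool OpenProcessToken(IntPtr proc, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool GetTokenInformation(IntPtr token, int cls, IntPtr buf, int len, out int needed);
    [DllImport("advapi32.dll", SetLastError = true, EntryPoint = "ConvertSidToStringSidW")]
    public static extern bool ConvertSidToStringSid(IntPtr sid, out IntPtr str);
    [DllImport("kernel32.dll")] public static extern IntPtr LocalFree(IntPtr h);
    [DllImport("kernel32.dll")] public static extern bool CloseHandle(IntPtr h);
}
"@
}

$PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
$TOKEN_QUERY         = 0x0008
$TokenIntegrityLevel = 25   # TOKEN_INFORMATION_CLASS values
$TokenIsAppContainer = 29
$TokenCapabilities   = 30
$M = [Runtime.InteropServices.Marshal]

function Get-TokenBuffer([IntPtr]$Token, [int]$Class) {
    # Two-call pattern: the first call sizes the buffer, the second fills it. Caller frees.
    $needed = 0
    [void][TokenProbe]::GetTokenInformation($Token, $Class, [IntPtr]::Zero, 0, [ref]$needed)
    $buf = $M::AllocHGlobal($needed)
    if (-not [TokenProbe]::GetTokenInformation($Token, $Class, $buf, $needed, [ref]$needed)) {
        $M::FreeHGlobal($buf)
        throw "GetTokenInformation($Class) failed, error $($M::GetLastWin32Error())"
    }
    $buf
}

function ConvertTo-SidString([IntPtr]$Sid) {
    # ConvertSidToStringSidW returns a LocalAlloc'd string; free it with LocalFree.
    $p = [IntPtr]::Zero
    if (-not [TokenProbe]::ConvertSidToStringSid($Sid, [ref]$p)) { return $null }
    try { $M::PtrToStringUni($p) } finally { [void][TokenProbe]::LocalFree($p) }
}

function Get-ProcessSandboxInfo {
    param([string[]]$Name = @('MicrosoftEdge', 'MicrosoftEdgeCP'))  # assumed process names
    foreach ($proc in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        $hProc = [TokenProbe]::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, $proc.Id)
        if ($hProc -eq [IntPtr]::Zero) { Write-Warning "PID $($proc.Id): OpenProcess failed"; continue }
        $hTok = [IntPtr]::Zero
        if (-not [TokenProbe]::OpenProcessToken($hProc, $TOKEN_QUERY, [ref]$hTok)) {
            [void][TokenProbe]::CloseHandle($hProc)
            Write-Warning "PID $($proc.Id): OpenProcessToken failed"; continue
        }
        try {
            # TokenIsAppContainer: one DWORD, non-zero when this is an AppContainer token.
            $b = Get-TokenBuffer $hTok $TokenIsAppContainer
            $isAc = $M::ReadInt32($b) -ne 0; $M::FreeHGlobal($b)

            # TokenIntegrityLevel: TOKEN_MANDATORY_LABEL, whose first field is the label SID
            # S-1-16-<rid>; 4096 = Low, 8192 = Medium, 12288 = High. AppContainers run Low.
            $b = Get-TokenBuffer $hTok $TokenIntegrityLevel
            $ilSid = ConvertTo-SidString ($M::ReadIntPtr($b)); $M::FreeHGlobal($b)
            $rid = [int](($ilSid -split '-')[-1])
            $il = @{4096 = 'Low'; 8192 = 'Medium'; 12288 = 'High'; 16384 = 'System'}[$rid]
            if (-not $il) { $il = $ilSid }

            # TokenCapabilities: TOKEN_GROUPS { DWORD GroupCount; SID_AND_ATTRIBUTES Groups[] }.
            # Each entry is a PSID plus a DWORD of attributes, padded to pointer alignment.
            $caps = @()
            if ($isAc) {
                $b = Get-TokenBuffer $hTok $TokenCapabilities
                $count = $M::ReadInt32($b); $ptr = [IntPtr]::Size
                for ($i = 0; $i -lt $count; $i++) {
                    $caps += ConvertTo-SidString ($M::ReadIntPtr($b, $ptr + $i * 2 * $ptr))
                }
                $M::FreeHGlobal($b)
            }
            [pscustomobject]@{
                ProcessId = $proc.Id; Name = $proc.ProcessName; AppContainer = $isAc
                Integrity = $il; CapabilityCount = $caps.Count; Capabilities = $caps -join ' '
            }
        } finally {
            [void][TokenProbe]::CloseHandle($hTok); [void][TokenProbe]::CloseHandle($hProc)
        }
    }
}

Get-ProcessSandboxInfo | Format-List
```

Run it from a non-elevated PowerShell session as the same user that is running Edge; elevation is only needed to open processes belonging to other users. A sandboxed content process should report AppContainer = True, Integrity = Low and a short list of capability SIDs (the S-1-15-3-... values); a main browser or broker process that reports Medium integrity and AppContainer = False is exactly the kind of process the Creators Update change is moving into a tuned container.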
Microsoft cautioned that this is a work in progress, and that "security is a process, not a destination."