
Windows 10 security: How the shadow stack will help to keep the hackers at bay
2020-04-03 09:54

Return-oriented programming has been a very common technique that's particularly hard to block: instead of trying to inject their own code into running processes, attackers look for small chunks of legitimate code already in memory that contain 'returns', where the code jumps forward to a new routine or back to the main thread. "With ROP, I can't create new code; I can only jump around to different pieces of code and try to string that together into a payload," Dave Weston, director of OS security at Microsoft, told TechRepublic.

If the legitimate code has a memory safety bug like a buffer overflow, corrupting those pointers in memory means the system starts running the attacker's own code instead of going back to the address in the program's call stack.

Windows has added multiple levels of protection, starting with signing important code and blocking runtime code generation first in the browser and then in VMs and the kernel.

This has been done for all Windows code and libraries and, Pulapaka explained, "If somebody tries to attack Windows code and we trip the CET tripwire, we will bring down the process."

That's important because the shadow stack is an important protection that we've been waiting several years for, to complete the list of Microsoft's four code protections.
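
The check behind that tripwire can be sketched as a toy software model. This is an added illustration, not code from the article or from Microsoft: each call records the return address twice, and a return whose two copies disagree faults instead of transferring control. The struct, function names and sample addresses are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#define DEPTH 8

/* Toy model (assumption): one index serves both stacks; real hardware keeps a
 * separate shadow-stack pointer and protects the shadow pages from normal writes. */
struct cpu {
    uintptr_t stack[DEPTH];   /* return addresses on the ordinary, writable stack */
    uintptr_t shadow[DEPTH];  /* protected copy that only call/ret update */
    int sp, faulted;          /* shared index; faulted is set once the tripwire fires */
};

/* call: record the return address on both stacks */
int model_call(struct cpu *c, uintptr_t ret_addr) {
    if (c->faulted || c->sp == DEPTH) return -1;
    c->stack[c->sp] = c->shadow[c->sp] = ret_addr;
    c->sp++;
    return 0;
}

/* ret: pop both copies; a mismatch is the tripwire and nothing is returned to */
int model_ret(struct cpu *c, uintptr_t *target) {
    if (c->faulted || c->sp == 0) return -1;
    c->sp--;
    if (c->stack[c->sp] != c->shadow[c->sp]) { c->faulted = 1; return -1; }
    *target = c->stack[c->sp];
    return 0;
}

/* Stand-in for a memory-safety bug that overwrites the saved return address */
void model_overwrite_top(struct cpu *c, uintptr_t bogus) {
    if (c->sp > 0) c->stack[c->sp - 1] = bogus;
}

/* Two nested calls; returns 2 on a clean run, -(completed + 1) if the tripwire fired */
int run_scenario(int corrupt) {
    struct cpu c = {0};
    uintptr_t target = 0;
    int completed = 0;
    model_call(&c, 0x1000);                       /* constructed sample addresses */
    model_call(&c, 0x2000);
    if (corrupt) model_overwrite_top(&c, 0x4141); /* constructed bogus target */
    while (model_ret(&c, &target) == 0) completed++;
    return c.faulted ? -completed - 1 : completed;
}

int main(void) {
    printf("clean: %d, corrupted: %d\n", run_scenario(0), run_scenario(1));
    return 0;
}
```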


News URL

https://www.techrepublic.com/article/windows-10-security-how-the-shadow-stack-will-help-to-keep-the-hackers-at-bay/#ftag=RSS56d97e7