Microsoft describes CFG as “a highly-optimized platform security feature that was created to combat memory corruption vulnerabilities.” It works by instrumenting indirect calls and jumps in compiled code with a check that the target is a valid function entry point, so that an attacker who has corrupted a function pointer cannot redirect execution to an arbitrary address.
Unfortunately, security researchers at the University of Padua have discovered a design flaw in CFG that compromises the security of Windows 8.1 and Windows 10. Andrea Biondo, one of the researchers, said:
“The [control flow] restriction is precise only when the allowed targets are aligned to 16 bytes. If they are not, then there is a 16-byte imprecision around the target […] By combining the presence of unaligned targets in common libraries with the predictability of the layout of functions generated by the compiler, we can bypass CFG.”
This vulnerability is called “Back to the Epilogue” (BATE).
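To make the 16-byte imprecision in the quote concrete, here is an added example (not the researchers' proof-of-concept and not Microsoft's code) that models CFG's valid-target bitmap in C. The model follows the publicly documented scheme, two bits per 16-byte chunk of address space, where one bit marks a chunk whose only valid target is its 16-byte-aligned address and the other marks a chunk that contains an unaligned valid target, in which case every address in the chunk passes the check. The exact bit positions and bitmap indexing are simplified, and the function addresses (`FUNC_A`, `FUNC_B`, `FUNC_B_RET`, `FUNC_C`) are a constructed toy layout: an unaligned function entry packed right after another function's epilogue, as a compiler can produce.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of the CFG bitmap: 2 bits per 16-byte chunk.
 * Bit 0: the chunk's 16-byte-aligned address is a valid target.
 * Bit 1: the chunk contains an unaligned valid target, so the guard
 *        check accepts any of the 16 addresses in the chunk.
 * This is a model for illustration, not the real bitmap layout. */
#define CHUNK_SHIFT 4
#define ADDR_SPACE  0x10000ULL                 /* constructed toy address space */
#define NCHUNKS     (ADDR_SPACE >> CHUNK_SHIFT)

typedef struct { uint8_t bits[NCHUNKS * 2 / 8]; } cfg_bitmap;

static unsigned get_chunk(const cfg_bitmap *b, uint64_t chunk) {
    if (chunk >= NCHUNKS) return 0;            /* outside the modelled space: never valid */
    return (b->bits[chunk / 4] >> ((chunk % 4) * 2)) & 3u;
}

static void set_chunk(cfg_bitmap *b, uint64_t chunk, unsigned v) {
    unsigned shift = (unsigned)(chunk % 4) * 2;
    if (chunk >= NCHUNKS) return;
    b->bits[chunk / 4] = (uint8_t)((b->bits[chunk / 4] & ~(3u << shift)) | ((v & 3u) << shift));
}

/* What the loader does for each function entry in a CFG-enabled image:
 * an aligned entry marks only itself valid, an unaligned entry marks
 * the whole chunk valid (the imprecision BATE builds on). */
void cfg_register_target(cfg_bitmap *b, uint64_t addr) {
    uint64_t chunk = addr >> CHUNK_SHIFT;
    unsigned v = get_chunk(b, chunk);
    v = (addr & 0xF) ? 3u : (v | 1u);
    set_chunk(b, chunk, v);
}

/* The guard check run before an indirect call: 1 = allowed, 0 = process killed. */
int cfg_check_icall(const cfg_bitmap *b, uint64_t target) {
    unsigned v = get_chunk(b, target >> CHUNK_SHIFT);
    if (v == 0) return 0;
    if (v & 2u) return 1;                      /* unaligned target present: whole chunk passes */
    return (target & 0xF) == 0;                /* otherwise only the aligned address passes */
}

/* Constructed sample layout (hypothetical addresses, not from any real binary). */
#define FUNC_A     0x1000ULL  /* aligned function entry */
#define FUNC_B     0x1020ULL  /* aligned function entry, its body ends with ret at FUNC_B_RET */
#define FUNC_B_RET 0x1035ULL  /* epilogue of B: never registered as a call target */
#define FUNC_C     0x1038ULL  /* unaligned entry the compiler packed right after B */

static void build_sample_layout(cfg_bitmap *b) {
    memset(b, 0, sizeof *b);
    cfg_register_target(b, FUNC_A);
    cfg_register_target(b, FUNC_B);
    cfg_register_target(b, FUNC_C);
}

/* 1 if an indirect call to target would pass the check in the sample layout. */
int sample_check(uint64_t target) {
    static cfg_bitmap b;
    static int built = 0;
    if (!built) { build_sample_layout(&b); built = 1; }
    return cfg_check_icall(&b, target);
}

/* Number of addresses in the 16-byte chunk containing addr that pass the check. */
int sample_allowed_in_chunk(uint64_t addr) {
    uint64_t base = addr & ~0xFULL;
    int n = 0;
    for (int i = 0; i < 16; i++) n += sample_check(base + i);
    return n;
}

int main(void) {
    printf("chunk of FUNC_A: %2d allowed addresses (aligned entry only)\n",
           sample_allowed_in_chunk(FUNC_A));
    printf("chunk of FUNC_C: %2d allowed addresses (unaligned entry)\n",
           sample_allowed_in_chunk(FUNC_C));
    printf("indirect call to B's epilogue at 0x%llx: %s\n",
           (unsigned long long)FUNC_B_RET,
           sample_check(FUNC_B_RET) ? "ALLOWED" : "blocked");
    return 0;
}
```

The chunk holding only the aligned entry `FUNC_A` admits exactly one address, but the chunk holding the unaligned entry `FUNC_C` admits all sixteen, and `FUNC_B_RET`, the `ret` of the neighbouring function, falls inside it. That is the whole point of the quote: the policy is precise only for 16-byte-aligned targets, and an attacker who can predict the compiler's function layout can find an epilogue that shares a chunk with an unaligned entry and call it without CFG objecting.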
The researchers will disclose details of the vulnerability at this month’s Black Hat Asia conference. There they will also demonstrate proof-of-concept code that bypasses CFG in the Microsoft Edge browser on 64-bit Windows 10, to show that the vulnerability is exploitable in real-world scenarios. The use of.
According to the report, the flaw exposes more than 500 million computers to attack. Worse, because BATE is not specific to any one application, its impact is broader still: any victim process that loads certain common libraries can be exploited with little effort.
The researchers said they have notified Microsoft of the flaw. The company is currently working on a fix, which is expected to ship with the upcoming Windows 10 Redstone 4 update.
Source: neowin