After last week’s pwn2own and pwnium contests, browser security is, once more, a hot topic. The existence of flaws in browsers is nowadays taken for granted: what security researchers are most interested in is the mitigation techniques browsers use to try to render those flaws harmless. Microsoft published a recent blog post discussing some of the new mitigation techniques that will be used in Internet Explorer 10.
The post first addresses existing anti-exploitation measures already used by Internet Explorer. These are a mix of compile-time techniques—Microsoft’s compiler injects code to detect some buffer overflows, for example—and runtime techniques—such as the “Data Execution Prevention” that makes it harder to exploit buffer overflows.
Read the comments on this post
New Internet Explorer 10 memory protection features not just for Internet Explorer