Internet Explorer offers layered defenses to protect against and mitigate each of three major classes of threats that browser users face when surfing the sometimes-hostile Web:
- Technological attacks designed to exploit the browser or operating system
- Web attacks designed to exploit vulnerabilities in Web sites
- Social engineering attacks against the user's trust
This blog post covers how browsers' memory protections mitigate threats in the first class. Internet Explorer 9 utilizes the latest memory protection technologies to help prevent an attacker's code from running if a memory-related vulnerability is discovered in the browser or one of its add-ons:
- DEP/NX (Data Execution Prevention / No eXecute) is enabled by default in IE8 and 9 and it's the foundation of memory protection in the browser. DEP/NX works with your system's processor to distinguish between code and data, helping to prevent execution of data placed into memory by an attacker. If the processor determines that it has been directed to execute a block of memory lacking the proper marking, it'll securely terminate the process before executing the specified instructions.
- ASLR (Address Space Layout Randomization) is a defense that helps ensure that the memory space of a process is laid out in an unpredictable manner. ASLR helps ensure that an attacker cannot easily bypass DEP/NX protections using a trick called "Return Oriented Programming" in which the attacker simply sets up the attack and jumps to existing code locations, abusing functions which are a part of the browser and operating system.
- SafeSEH (Safe Structured Exception Handling) is a compiler option which helps prevent the injection of malicious structured exception handlers into an exception handling chain. All 64-bit code and all of IE's code is compiled with the SafeSEH flag. However, like ASLR, this mitigation is enabled on a per-DLL basis, and hence it requires that add-ons be compiled with the flag in order to ensure comprehensive protection.
- IE9 opts in to SEHOP (Structured Exception Handler Overwrite Protection), a new feature that is enabled on a per-process basis and hence does not require opt-in by individual DLLs.
- Lastly, IE9 is compiled with the new C++ compiler provided with VS 2010. This compiler includes a feature known as Enhanced GS, also known as Stack Buffer Overrun Detection, which helps prevent stack buffer overruns by detecting stack corruption and avoiding execution if such corruption is encountered.
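Because ASLR and DEP/NX are linker-level opt-ins recorded per DLL, an add-on that was never built with them silently weakens the process that loads it. The following Python script is an added example, not code from the original post or from Internet Explorer: it reads the DllCharacteristics field of a PE header to report whether a DLL declares the ASLR (DYNAMIC_BASE) and DEP/NX (NX_COMPAT) opt-ins, and the sample headers it builds are constructed for the demonstration rather than real binaries.

```python
import struct

# DllCharacteristics bits from the PE/COFF specification
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # image opts in to ASLR
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # image opts in to DEP/NX
IMAGE_DLLCHARACTERISTICS_NO_SEH = 0x0400        # image contains no SEH handlers
DLLCHARACTERISTICS_OFFSET = 70  # same offset in PE32 and PE32+ optional headers

def pe_mitigations(image: bytes) -> dict:
    """Report the per-DLL opt-in mitigations declared in a PE image's headers (SafeSEH is
    not reported: it lives in the load-config handler table, not in DllCharacteristics)."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = e_lfanew + 4                      # 20-byte COFF file header follows the signature
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    if opt_size < DLLCHARACTERISTICS_OFFSET + 2:
        raise ValueError("optional header too short to carry DllCharacteristics")
    optional = coff + 20
    (flags,) = struct.unpack_from("<H", image, optional + DLLCHARACTERISTICS_OFFSET)
    return {
        "aslr": bool(flags & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "nx": bool(flags & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "no_seh": bool(flags & IMAGE_DLLCHARACTERISTICS_NO_SEH),
    }

def missing_mitigations(image: bytes) -> list:
    """Names of the per-DLL mitigations an add-on should opt in to but does not."""
    m = pe_mitigations(image)
    return [name for name in ("aslr", "nx") if not m[name]]

def build_minimal_pe(dll_characteristics: int) -> bytes:
    """Constructed sample: just enough PE32 header to carry DllCharacteristics (not loadable)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # i386, one section, 224-byte PE32 optional header, flags EXECUTABLE|32BIT_MACHINE|DLL
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 224, 0x2102)
    optional = bytearray(224)
    struct.pack_into("<H", optional, 0, 0x10B)  # PE32 magic
    struct.pack_into("<H", optional, DLLCHARACTERISTICS_OFFSET, dll_characteristics)
    return dos + b"PE\0\0" + coff + bytes(optional)

if __name__ == "__main__":
    for label, flags in (("hardened add-on", 0x0140), ("legacy add-on", 0x0000)):
        print(label, "missing:", missing_mitigations(build_minimal_pe(flags)))
```

Pointing pe_mitigations at the bytes of a real add-on DLL gives the same report; a DLL that comes back with "aslr" or "nx" missing is one that needs to be rebuilt with those linker options before it belongs in the browser process.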