Microsoft describes CFG (Control Flow Guard) as "a highly optimized platform security feature" created to combat memory corruption vulnerabilities. It works by inserting a check before every indirect call and jump so that an attacker who has hijacked a code pointer cannot redirect execution to an arbitrary address.
Unfortunately, security researchers at the University of Padua have found a design flaw in a trade-off that CFG makes for backwards compatibility and performance. Andrea Biondo, one of the researchers, explains:
Control flow is restricted precisely only when the allowed target is 16-byte aligned. If it is not, there is a 16-byte imprecision around the target.
By combining unaligned targets in common libraries with the predictability of the function layout generated by the compiler, we can bypass Control Flow Guard (CFG).
The researchers call the technique "Back to the Epilogue" (BATE).
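To make the 16-byte imprecision concrete, here is an added example (not the researchers' code or Microsoft's implementation) that models the CFG bitmap in C. The slot encoding is a simplified assumption based on the published description: two bits per 16-byte slot, where an aligned target marks only the aligned address as valid, but an unaligned target opens the whole slot. The module layout and all addresses (func_a, func_b, func_c) are hypothetical and constructed for the demonstration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Toy model of the CFG bitmap. Real CFG keeps two bits per 16-byte slot of the
 * address space; this model keeps one byte per slot holding that 2-bit state.
 * Slot encoding (assumed, simplified from the published description):
 *   SLOT_NONE          no valid target in this slot
 *   SLOT_ALIGNED_ONLY  only the 16-byte-aligned address of the slot is valid
 *   SLOT_ANY           an unaligned target lives here, so CFG accepts every
 *                      one of the 16 addresses in the slot
 */
enum { SLOT_NONE = 0, SLOT_ALIGNED_ONLY = 1, SLOT_ANY = 3 };

#define SLOT_SHIFT 4              /* 16-byte slots */
#define NUM_SLOTS  64             /* model covers addresses 0x000..0x3FF */

typedef struct { uint8_t state[NUM_SLOTS]; } cfg_bitmap;

static void cfg_init(cfg_bitmap *b) { memset(b, 0, sizeof *b); }

/* What the loader does for each legitimate indirect-call target of a module. */
static bool cfg_mark_target(cfg_bitmap *b, uintptr_t target) {
    size_t slot = target >> SLOT_SHIFT;
    if (slot >= NUM_SLOTS) return false;
    if ((target & 0xF) == 0) {
        if (b->state[slot] == SLOT_NONE) b->state[slot] = SLOT_ALIGNED_ONLY;
    } else {
        /* The coarse bitmap cannot express "only offset 8 is valid", so the
         * whole slot is opened up. This is the imprecision BATE abuses. */
        b->state[slot] = SLOT_ANY;
    }
    return true;
}

/* The check the compiler inserts before every indirect call or jump. */
static bool cfg_check(const cfg_bitmap *b, uintptr_t target) {
    size_t slot = target >> SLOT_SHIFT;
    if (slot >= NUM_SLOTS) return false;
    switch (b->state[slot]) {
    case SLOT_ALIGNED_ONLY: return (target & 0xF) == 0;
    case SLOT_ANY:          return true;
    default:                return false;
    }
}

/* How many of the 16 addresses in a slot pass the check. */
static int cfg_allowed_in_slot(const cfg_bitmap *b, size_t slot) {
    int n = 0;
    for (unsigned off = 0; off < 16; off++)
        n += cfg_check(b, ((uintptr_t)slot << SLOT_SHIFT) | off);
    return n;
}

/*
 * Constructed module layout (hypothetical addresses, not from any real binary):
 *   func_a  0x100..0x127, its epilogue "add rsp, 0x28 ; ret" sits at 0x123
 *   func_b  0x128..0x1FF, a legitimate unaligned entry point (0x128 & 0xF == 8)
 *   func_c  0x200..,      an aligned entry point used as a control
 */
#define FUNC_A_ENTRY    0x100u
#define FUNC_A_EPILOGUE 0x123u
#define FUNC_B_ENTRY    0x128u
#define FUNC_C_ENTRY    0x200u

static void load_module(cfg_bitmap *b) {
    cfg_mark_target(b, FUNC_A_ENTRY);
    cfg_mark_target(b, FUNC_B_ENTRY);
    cfg_mark_target(b, FUNC_C_ENTRY);
}

/* Does CFG let a hijacked indirect call land on func_a's epilogue? */
static bool epilogue_reachable(void) {
    cfg_bitmap b; cfg_init(&b); load_module(&b);
    return cfg_check(&b, FUNC_A_EPILOGUE);
}

/* Control: in a slot holding only an aligned entry, an offset is rejected. */
static bool aligned_slot_rejects_offset(void) {
    cfg_bitmap b; cfg_init(&b); load_module(&b);
    return !cfg_check(&b, FUNC_C_ENTRY + 3);
}

static int allowed_in_func_b_slot(void) {
    cfg_bitmap b; cfg_init(&b); load_module(&b);
    return cfg_allowed_in_slot(&b, FUNC_B_ENTRY >> SLOT_SHIFT);
}

static int allowed_in_func_c_slot(void) {
    cfg_bitmap b; cfg_init(&b); load_module(&b);
    return cfg_allowed_in_slot(&b, FUNC_C_ENTRY >> SLOT_SHIFT);
}

int main(void) {
    printf("slot of func_b (0x%03x): %d of 16 addresses allowed\n",
           FUNC_B_ENTRY, allowed_in_func_b_slot());
    printf("slot of func_c (0x%03x): %d of 16 addresses allowed\n",
           FUNC_C_ENTRY, allowed_in_func_c_slot());
    printf("call to func_a epilogue at 0x%03x: %s\n", FUNC_A_EPILOGUE,
           epilogue_reachable() ? "ALLOWED by CFG" : "blocked");
    return 0;
}
```

Because func_b's entry is unaligned, the 16-byte slot it shares with the tail of func_a becomes entirely valid, and the check accepts a call to func_a's epilogue. An `add rsp, N ; ret` sequence there unwinds a portion of the stack and returns to whatever the attacker placed there, which is why a compiler's predictable function layout is enough to turn this slack into a bypass.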
The researchers will disclose the details of the vulnerability this month at the Black Hat Asia conference, where they will also demonstrate proof-of-concept code that bypasses CFG in the Microsoft Edge browser on 64-bit Windows 10, showing that the technique is exploitable in real-world scenarios.
The report says the vulnerability is a security threat to more than 500 million computers. Worse, because BATE does not depend on any particular application, its impact is broader: if one of the affected common libraries is loaded by the victim process, the vulnerability can be exploited with relative ease.
The researchers said they have informed Microsoft, and the company is now working on a fix, which is expected to ship in the upcoming Windows 10 Redstone 4 update.
GitHub link: