2016 Windows Mitigations

In 2016, Microsoft continued to improve security in modern Windows versions through small, incremental measures called mitigations. A mitigation is a security measure that reduces, or removes entirely, the risk of a vulnerability being exploited. Microsoft started down this path with Windows 8 by introducing a dedicated API, SetProcessMitigationPolicy, which turns on the mitigations supported by the running version of Windows. Some of the Windows 8.1 mitigations include ProcessDEPPolicy, ProcessASLRPolicy, ProcessDynamicCodePolicy, and ProcessControlFlowGuardPolicy.

In Windows 10, Microsoft released three new kinds of mitigations: ProcessSignaturePolicy, ProcessFontDisablePolicy, and ProcessImageLoadPolicy. Each policy was created to better secure Windows software.

ProcessSignaturePolicy: A security measure that lets only images carrying a specific digital signature load into the target application. The accepted images are those signed by Microsoft, the Windows Store, or the Windows Hardware Quality Labs (WHQL). For example, when this policy is turned on for the Edge web browser, only images with a digital signature from the Windows Store will load.

ProcessFontDisablePolicy: Prevents non-system fonts from loading, allowing only fonts from %windir%\fonts. Turning this on removes the possibility of a compromise while fonts are being loaded.

ProcessImageLoadPolicy: Determines which executable images may be loaded and forbids the rest. When turned on, images from certain locations cannot load; for example, images on a remote device, or images marked with a Low Integrity Level.

Another security feature, added to IE11 on Windows 8 Update 3 and to Edge on Windows 10, is Control Flow Guard (CFG). Built to combat memory corruption, CFG gives applications a way to mitigate the exploitation vectors that rely on indirect control-flow transfers. In other words, CFG restricts where an application can execute from, making it harder to run arbitrary code through vulnerabilities such as buffer overflows. Without CFG, an attacker can redirect a program to an undesired location. With CFG, a combination of compile-time and run-time support keeps execution under control, because CFG restricts where an indirect transfer may land.
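The program below is an example added here; it is not code from the article or from Microsoft. It opts the running process into the three Windows 10 policies described above (ProcessSignaturePolicy, ProcessFontDisablePolicy, ProcessImageLoadPolicy) through SetProcessMitigationPolicy, and then queries the Control Flow Guard policy discussed in the preceding paragraph with GetProcessMitigationPolicy. It assumes the Windows SDK field names MicrosoftSignedOnly, StoreSignedOnly, MitigationOptIn, DisableNonSystemFonts, NoRemoteImages, NoLowMandatoryLabelImages and EnableControlFlowGuard; the non-Windows stand-in definitions are an assumption that those fields have the same bit order as the SDK, made so the policy builders can be compiled and checked anywhere.

```c
/*
 * Added example (not code from the article or from Microsoft): a Win32 program
 * that opts itself into the three Windows 10 policies described above with
 * SetProcessMitigationPolicy, then reads back the Control Flow Guard state
 * with GetProcessMitigationPolicy.  The build_* helpers only fill in the
 * policy structures, so they compile and can be checked on any platform; the
 * Win32 calls are compiled only under _WIN32.  The non-Windows stand-ins are
 * an assumption that the fields used here have the same names and bit order
 * as the Windows SDK (first bit-field member = bit 0).
 */
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#  include <windows.h>
#else
/* Stand-ins (subset of winnt.h) so the policy builders build off Windows. */
typedef unsigned int DWORD;
typedef struct {
    union { DWORD Flags; struct { DWORD MicrosoftSignedOnly : 1; DWORD StoreSignedOnly : 1;
                                  DWORD MitigationOptIn : 1; DWORD Reserved : 29; }; };
} PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY;
typedef struct {
    union { DWORD Flags; struct { DWORD DisableNonSystemFonts : 1; DWORD Reserved : 31; }; };
} PROCESS_MITIGATION_FONT_DISABLE_POLICY;
typedef struct {
    union { DWORD Flags; struct { DWORD NoRemoteImages : 1; DWORD NoLowMandatoryLabelImages : 1;
                                  DWORD Reserved : 30; }; };
} PROCESS_MITIGATION_IMAGE_LOAD_POLICY;
#endif

/* ProcessSignaturePolicy: MicrosoftSignedOnly / StoreSignedOnly restrict loads to
   images signed by Microsoft or by the Windows Store; MitigationOptIn accepts
   Microsoft, Store and WHQL signatures (the combination the article describes). */
PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY
build_signature_policy(int microsoft_only, int store_only, int opt_in)
{
    PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY p;
    memset(&p, 0, sizeof p);
    p.MicrosoftSignedOnly = microsoft_only ? 1 : 0;
    p.StoreSignedOnly     = store_only ? 1 : 0;
    p.MitigationOptIn     = opt_in ? 1 : 0;
    return p;
}

/* ProcessFontDisablePolicy: only fonts under %windir%\fonts may be loaded. */
PROCESS_MITIGATION_FONT_DISABLE_POLICY build_font_policy(int disable_non_system)
{
    PROCESS_MITIGATION_FONT_DISABLE_POLICY p;
    memset(&p, 0, sizeof p);
    p.DisableNonSystemFonts = disable_non_system ? 1 : 0;
    return p;
}

/* ProcessImageLoadPolicy: block images on remote devices and images carrying
   a Low integrity label (typically files written by a sandboxed process). */
PROCESS_MITIGATION_IMAGE_LOAD_POLICY build_image_load_policy(int no_remote, int no_low_label)
{
    PROCESS_MITIGATION_IMAGE_LOAD_POLICY p;
    memset(&p, 0, sizeof p);
    p.NoRemoteImages            = no_remote ? 1 : 0;
    p.NoLowMandatoryLabelImages = no_low_label ? 1 : 0;
    return p;
}

#ifdef _WIN32
/* Apply one policy.  Enabling a policy is permanent for the life of the
   process, so a failure is reported with the Win32 error rather than retried. */
static int apply(PROCESS_MITIGATION_POLICY which, void *buf, SIZE_T len, const char *name)
{
    if (!SetProcessMitigationPolicy(which, buf, len)) {
        fprintf(stderr, "%s: SetProcessMitigationPolicy failed (error %lu)\n",
                name, (unsigned long)GetLastError());
        return 0;
    }
    printf("%s: enabled\n", name);
    return 1;
}
#endif

int main(void)
{
    /* Build first, apply as early as possible: a DLL the policy would have
       refused stays loaded if it was mapped before the call was made. */
    PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY sig  = build_signature_policy(0, 0, 1);
    PROCESS_MITIGATION_FONT_DISABLE_POLICY     font = build_font_policy(1);
    PROCESS_MITIGATION_IMAGE_LOAD_POLICY       img  = build_image_load_policy(1, 1);

#ifdef _WIN32
    int ok = apply(ProcessSignaturePolicy,   &sig,  sizeof sig,  "ProcessSignaturePolicy");
    ok    &= apply(ProcessFontDisablePolicy, &font, sizeof font, "ProcessFontDisablePolicy");
    ok    &= apply(ProcessImageLoadPolicy,   &img,  sizeof img,  "ProcessImageLoadPolicy");

    /* CFG is a compile/link-time feature; it can only be queried here, not enabled. */
    PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY cfg;
    memset(&cfg, 0, sizeof cfg);
    if (GetProcessMitigationPolicy(GetCurrentProcess(), ProcessControlFlowGuardPolicy,
                                   &cfg, sizeof cfg))
        printf("ControlFlowGuard: %s\n", cfg.EnableControlFlowGuard ? "enabled" : "not enabled");
    return ok ? 0 : 1;
#else
    printf("signature=0x%x font=0x%x image_load=0x%x (Win32 API not available here)\n",
           sig.Flags, font.Flags, img.Flags);
    return 0;
#endif
}
```

On Windows, the CFG line reports "enabled" only when the executable itself was built with Control Flow Guard (the /guard:cf compiler and linker switch in Visual Studio); SetProcessMitigationPolicy cannot switch CFG on for a process that was not compiled with it. The three Windows 10 policies are one-way for the process: once set they cannot be cleared, which is why the program applies them before doing any other work.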

Furthermore, Microsoft continues to add new mitigations to modern Windows versions to reduce attacks and improve security.