So this basically aims at preventing indirect calls targeting the address of shellcode, then it won't conflict with EMET or HMPA (and maybe MBAE too). Maybe quite effective for many use-after-free attacks?
More here as well: http://blogs.msdn.com/b/vcblog/arch...review-work-in-progress-security-feature.aspx I was reading about this over the past few days and it seems quite interesting. It looks like CFG has to be enabled and compiled within the binaries and works for Windows 10 and also Windows 8.1 (November Update). The good thing is that it doesn't break the software if used on an older OS which doesn't support CFG. I am curious as to whether or not EMET would be able to add this functionality. I'm not sure, since CFG is added at compile time though. But I'm not entirely sure if EMET could add that, similar to how it injects its .DLL into processes. It will be interesting to see. Good to see Microsoft thinking of newer mitigation methods, regardless.
Thanks for the link. Well, I also wonder, and I'm not sure if EMET can do it. I personally hope regenpijp will chime in, as he knows those things better. Anyway, it seems MS adds a new mitigation every time they release a new OS, a good thing except they don't spend much on non-latest OSes.
After they release a new version of the OS, they usually don't add new features to the old one. Only security updates.
The Control Flow Guard in Windows 8.1u3 and 10 is so-called fine-grained Control-Flow Integrity (CFI) and is purely a software implementation. The CFI feature in both EMET and HitmanPro.Alert is so-called coarse-grained Control-Flow Integrity. In EMET it is a pure software implementation (Caller mitigation). In Alert it is both a software and hardware implementation (Control-Flow Integrity mitigation). Control Flow Guard requires support from both the operating system (Windows 8.1u3 or 10) and recompiling of an application and its DLLs (sources needed). EMET and Alert can apply CFI to any version of Windows (XP or newer) and can be applied to any binary, no recompiling required. Of course the Control Flow Guard in Windows 8.1u3 or 10 provides better coverage as it is fine-grained, but it is currently impractical as there are no binaries supporting CFG and Windows 8.1u3 market share is still very low. However, over time (many years) this will change. Hope this helps.
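The posts above note that CFG has to be compiled into a binary and its DLLs. As an added example that is not part of the original thread, this Python sketch checks whether a PE image was linked with CFG by testing the `IMAGE_DLLCHARACTERISTICS_GUARD_CF` bit (0x4000) in the optional header. The function names and the header-only sample images are constructed for illustration.

```python
import struct

IMAGE_DLLCHARACTERISTICS_GUARD_CF = 0x4000  # winnt.h: image supports Control Flow Guard
PE32_MAGIC, PE32_PLUS_MAGIC = 0x10B, 0x20B


def cfg_enabled(image: bytes) -> bool:
    """Return True if the PE optional header advertises CFG support."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if e_lfanew + 24 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header is 20 bytes; SizeOfOptionalHeader is at offset 16 in it.
    (size_opt,) = struct.unpack_from("<H", image, e_lfanew + 4 + 16)
    opt = e_lfanew + 4 + 20
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ headers.
    if size_opt < 72 or opt + 72 > len(image):
        raise ValueError("optional header too short")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (PE32_MAGIC, PE32_PLUS_MAGIC):
        raise ValueError("unknown optional header magic")
    (dll_chars,) = struct.unpack_from("<H", image, opt + 70)
    return bool(dll_chars & IMAGE_DLLCHARACTERISTICS_GUARD_CF)


def build_sample(dll_chars: int, magic: int = PE32_PLUS_MAGIC) -> bytes:
    """Constructed header-only image for the demo (not a loadable PE)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 72, 0x2022)
    opt = bytearray(72)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Constructed values: 0x4160 has GUARD_CF set, 0x0160 does not.
    for label, flags in (("cfg build", 0x4160), ("legacy build", 0x0160)):
        print(label, "->", cfg_enabled(build_sample(flags)))
```

To audit a real file, pass `open(path, "rb").read()` to `cfg_enabled`. The bit only shows the image was built for CFG; as the thread says, the operating system must also support it.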