Microsoft has heavily promoted the advances it’s made in Windows 10’s built-in exploit mitigations to encourage enterprise adoption, but Google’s Project Zero isn’t convinced key defenses can stand up to advanced hackers.
Project Zero researcher Ivan Fratric has released a white paper detailing the group’s work on undermining Windows 10 Creators Update feature Arbitrary Code Guard (ACG), when applied to Microsoft Edge.
Currently ACG exploit mitigation is exclusive to Edge and aims to prevent advanced attackers from executing malicious code in memory if they’ve already compromised a content process in the browser.