
Abstract


MJ0011 is the general manager in the Department of Core Security at Qihoo360 Technology. He leads the vulnerability research team 360Vulcan, which has achieved hundreds of CVEs from Microsoft/Apple/Adobe and won the Pwn2Own 2015 IE target.

[Abstract] From the Windows 10 Tech Preview version to July's RTM release, Microsoft has never slowed its pursuit of the most secure operating system, adding more security features to the system. These include Control Flow Guard, Font Mitigations, Symbolic Link Mitigations and Virtualization Security (Credential Guard & Device Guard). Besides, Microsoft has introduced a new Edge browser with stricter security policies and features compared to Internet Explorer. However, new bugs will always be found in new "security" code.

This presentation will cover two main aspects. First, I will summarize the new security features in Windows 10 and some security failures in the newly added code. Second, I will focus on an unpatched sandbox escape bug in the Edge browser. This bug has been denied by Microsoft, but I will present how this vulnerability and an unpublished RCE vulnerability can be used to completely compromise the new Edge browser remotely. Over the past 6 months, I have been working hard on persuading Microsoft to fix the sandbox escape vulnerability; however, the communication was not as smooth as I expected.