The Project Zero team has now published the details of an unpatched bypass of an exploit-protection technique. The issue concerns Arbitrary Code Guard (ACG), a mitigation shipped with the Windows 10 Creators Update that is meant to protect against attacks coming from the Internet. ACG blocks attempts to load dynamically generated, unsigned code into a process's memory: with ACG enabled, only correctly signed code can be mapped as executable. The difficulty lies in the just-in-time (JIT) compiler, which by design generates native, unsigned code at runtime for the content process.
The bypass defeats this protection. As Google's Project Zero found, the weak point is the way the JIT process writes executable code into the content process. So that the JIT compiler can still work with ACG enabled, Microsoft moved Edge's JIT compilation into a separate process that runs in its own sandbox. According to Microsoft, this step was "a non-trivial engineering task", and that complexity is now the main reason the vulnerability cannot be fixed quickly.
Microsoft has also issued an official statement. It says, among other things, that the fix is more complex than initially thought and that, because of the memory-management problems involved, a February release date will very likely not be met. "The team is confident that they will finish on March 13, but this is beyond the 90-day SLA and the 14-day deadline to adapt to the monthly updates." March 13 is, of course, Patch Tuesday, the second Tuesday of each month on which Microsoft ships its monthly updates.