Forum Discussion

HotCakeX's avatar
HotCakeX
MVP
Oct 20, 2020

Why this policy is producing error? Configure new tab page URL

It's this Policy: https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#newtabpagelocation   And based on the description, I've set it correctly on Edge 87 (the installed up-to-date ...
dev
edge
enterprise
help
new tab page
policy
problem
HotCakeX's avatar
HotCakeX
MVP
Oct 20, 2020

Gunnar-Haslinger 

Thank you, good job,

correct me if i'm wrong but this further proves our point because your findings show that how easy it is for an attacker to fake MDM enrollment status on a victim's system and then push their malicious policy files.

in both methods, attacker needs to have an elevated access to do all these but the lack of proper verification of a legit MDM or Windows server domain lets them push the policy and that security measure they put in place is virtually useless, and all it does is to put unnecessary limitations for users.

 

Gunnar-Haslinger's avatar
Gunnar-Haslinger
Iron Contributor
Oct 20, 2020

HotCakeX I agree, but in addition: as an "hacker" there is even no need to elevate to Admin/System. It is much easier to just modify your user-writeable Edge-Profile to do the same. Maybe not as persistent as setting policies, but the point is: If you allow malware to run on your system your Edge-Settings are the least problem and you already lost the game.

  • HotCakeX's avatar
    HotCakeX
    MVP
    Oct 20, 2020
    Yup, can't agree with that more

Resources