Security/Sandbox: Difference between revisions

← Older edit

Security/Sandbox (view source)

Revision as of 16:53, 11 October 2024

629 bytes added , 11 October 2024

→‎Content: Update windows content sandbox levels

Bobowen

284

edits

@@ Line 99: / Line 99: @@
 {| class="wikitable"
 |-
-! Sandbox Feature !! Level 5 !! Level 6 (default)
+! Sandbox Feature !! Level 6 !! Level 7 (Release) !! Level 8 (Nightly)
 |-
-| Job Level || JOB_LOCKDOWN || JOB_LOCKDOWN
+| Job Level || JOB_LOCKDOWN || JOB_LOCKDOWN || JOB_LOCKDOWN
 |-
-| Access Token Level || USER_LIMITED || USER_LIMITED
+| Access Token Level || USER_LIMITED || USER_LIMITED || '''''USER_RESTRICTED'''''
 |-
-| Alternate Desktop || YES || YES
+| Alternate Desktop || YES || YES || YES
 |-
-| Alternate Windows Station || YES || YES
+| Alternate Windows Station || YES || YES || YES
 |-
-| Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW
+| Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW
 |-
-| Delayed Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW
+| Delayed Integrity Level || INTEGRITY_LEVEL_LOW || '''''INTEGRITY_LEVEL_UNTRUSTED''''' || INTEGRITY_LEVEL_UNTRUSTED
 |-
 | Mitigations
@@ Line 125: / Line 125: @@
 MITIGATION_IMAGE_LOAD_PREFER_SYS32<br>
 MITIGATION_CONTROL_FLOW_GUARD_DISABLE<br>
-MITIGATION_WIN32K_DISABLE
+MITIGATION_WIN32K_DISABLE<br>
+Locked Down Default DACL
+||
+MITIGATION_BOTTOM_UP_ASLR<br>
+MITIGATION_HEAP_TERMINATE<br>
+MITIGATION_SEHOP<br>
+MITIGATION_DEP_NO_ATL_THUNK<br>
+MITIGATION_DEP<br>
+MITIGATION_EXTENSION_POINT_DISABLE<br>
+MITIGATION_IMAGE_LOAD_NO_REMOTE<br>
+MITIGATION_IMAGE_LOAD_NO_LOW_LABEL<br>
+MITIGATION_IMAGE_LOAD_PREFER_SYS32<br>
+MITIGATION_CONTROL_FLOW_GUARD_DISABLE<br>
+MITIGATION_WIN32K_DISABLE<br>
+Locked Down Default DACL
 ||
 MITIGATION_BOTTOM_UP_ASLR<br>
@@ Line 141: / Line 155: @@
 |-
 | Delayed Mitigations
+||
+MITIGATION_STRICT_HANDLE_CHECKS<br>
+MITIGATION_DLL_SEARCH_ORDER
 ||
 MITIGATION_STRICT_HANDLE_CHECKS<br>