Commit ef6c110

Update exploit-protection-reference.md
1 parent 421ef29 commit ef6c110

1 file changed

+2
-2
lines changed

defender-endpoint/exploit-protection-reference.md

Lines changed: 2 additions & 2 deletions
@@ -512,7 +512,7 @@ Most applications that are compatible with Mandatory ASLR (rebasing) are also co
512512

513513
### Description
514514

515-
Simulate execution (SimExec) is a mitigation for 32-bit applications only. This helps validate that calls to sensitive APIs will return to legitimate caller functions. It does this by intercepting calls into sensitive APIs, and then simulating the execution of those APIs by walking through the encoded assembly language instructions looking for the RET instruction, which should return to the caller. It then inspects that function and walks backwards in memory to find the preceding CALL instruction to determine whether the function and CALL instruction match, and that the RET hasn't been intercepted.
515+
Simulate execution (SimExec) is a mitigation for 32-bit applications only. This helps validate that calls to sensitive APIs return to legitimate caller functions. It does this by intercepting calls into sensitive APIs, and then simulating the execution of those APIs by walking through the encoded assembly language instructions looking for the RET instruction, which should return to the caller. It then inspects that function and walks backwards in memory to find the preceding CALL instruction to determine whether the function and CALL instruction match, and that the RET hasn't been intercepted.
516516

517517
The APIs intercepted by this mitigation are:
518518
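Review bot: In the rewritten line 515, "intercept" is used in two opposite senses: the mitigation works "by intercepting calls into sensitive APIs", and the last clause then checks "that the RET hasn't been intercepted". A reader can't tell whether the second refers to the mitigation's own hook or to tampering by an attacker. Since this line is already being touched, consider a different verb for the second use (for example "hasn't been redirected"), and replace the bare "This helps validate" with "This mitigation helps validate" so the subject is explicit. The tense fix from "will return" to "return" is fine as is.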

@@ -647,7 +647,7 @@ Compatibility issues with SEHOP are relatively rare. It's uncommon for an applic
647647

648648
### Description
649649

650-
*Validate handle usage* is a mitigation that helps protect against an attacker using an existing handle to access a protected object. A [handle](/windows/win32/sysinfo/handles-and-objects) is a reference to a protected object. If application code is referencing an invalid handle, that could indicate that an adversary is attempting to use a handle it has previously recorded (but which application reference counting wouldn't be aware of). If the application attempts to use an invalid object, instead of simply returning null, the application raises an exception (STATUS_INVALID_HANDLE).
650+
*Validate handle usage* is a mitigation that helps protect against an attacker using an existing handle to access a protected object. A [handle](/windows/win32/sysinfo/handles-and-objects) is a reference to a protected object. If application code is referencing an invalid handle, it could indicate that an adversary is attempting to use a handle it has previously recorded (but which application reference counting wouldn't be aware of). If the application attempts to use an invalid object, instead of simply returning null, the application raises an exception (STATUS_INVALID_HANDLE).
651651

652652
This mitigation is automatically applied to Windows Store applications.
653653
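Review bot: In the rewritten line 650, changing "that could indicate" to "it could indicate" leaves two uses of "it" with different referents in one sentence: the first refers to the invalid handle reference, the second ("a handle it has previously recorded") to the adversary. Consider "this could indicate" for the first, or name the adversary again in the parenthetical. The same paragraph also shifts from "invalid handle" to "invalid object" in the following sentence. If both mean the handle, use one term, since the exception named is STATUS_INVALID_HANDLE.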
