nsane.forums Posted December 7, 2010 Share Posted December 7, 2010 Protected Mode can be bypassed by attackers, says Verizon Business A new report is casting doubts on security protections for Microsoft's Internet Explorer web browser. The report [PDF] from Verizon Business claims that through the use of certain exploit techniques, an attacker can bypass Internet Explorer's protected mode tool, allowing for users to be remotely infected with malware. Used in both Windows Vista and Windows 7, protected mode has been billed as a method for helping to mitigate the risk of infection on a system from browser exploits. The component attempts to isolate certain access rights in the browser to help prevent execution and installation of malware code. According to Verizon Business researchers, an attacker could use so-called 'generic' attack techniques which would not only bypass the Protected Mode controls, but also remotely infect the targeted system. The results are causing researchers to question the value of Protected Mode as a true security protection for users. "The fact that a single exploit can be used for both the remote exploit and local privilege escalation is central to why this is a significant issue," the company said in the report. "Features such as Protected Mode can only be effective if they either significantly raise the cost of an attack, or reduce the probability of a successful attack." Verizon Business did offer a set of recommendations to help mitigate the risk of attack. Researchers are advising administrators to use best practices such as running workstations under a user account rather than as administrator and making sure that third-party tools are not reconfiguring Protected Mode to allow privilege escalation. The researchers also noted that there are limitations to the vulnerability which could foil some malware attacks. "Given the current set of potential ways to bypass Protected Mode’s protection by locally escalating from low to medium integrity, it can be concluded that the mechanism currently provides little in the way of reliable protection from remote code execution attacks," the company said. "However, currently, most malicious code that runs at low integrity will likely fail to persist across reboots, since it will not be aware that it is running at low integrity." Microsoft has yet to respond to a request for comment on the report. View: Original Article Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.