Researchers Bypass IE Protected Mode
Trailrunner7 writes "A new paper from researchers at Verizon Business identifies a method through which an attacker can bypass Internet Explorer Protected Mode and gain elevated privileges once he's successfully exploited a bug on the system. Protected Mode in Internet Explorer is one of a handful of key security mechanisms that Microsoft has added to Windows in the last few years. It is often described as a sandbox, in that it is designed to prevent exploitation of a vulnerability in the browser from leading to more persistent compromise of the underlying system. In their research, the Verizon Business team found a method that, when combined with an existing memory-corruption vulnerability in the browser, enables an attacker to bypass Protected Mode and elevate his privileges on the compromised machine (PDF). The technique enables the attacker to move from a relatively un-privileged level to one with higher privileges, giving him complete access to the logged-in user's account."
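Protected Mode runs the browser at low integrity and can be switched off per security zone, so a defender's first check after reading the summary above is whether it is actually on. The script below is an added example, not code from the story or the Verizon Business paper; it assumes the IE 7/8-era registry layout, where each zone key carries a `2500` value (0 = Protected Mode on, 3 = off) and Protected Mode only takes effect when UAC (`EnableLUA`) is enabled.

```powershell
# Added example (not from the original post): audit IE Protected Mode per security zone.
# Assumption: per-zone value "2500" under the Zones key, 0 = enabled, 3 = disabled;
# a missing value means the zone's built-in default applies. Protected Mode also
# requires UAC, so EnableLUA is reported alongside.
$zoneNames = @{ 0 = 'Local Machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$zonesKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$uacKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-IEProtectedModeStatus {
    $uac = (Get-ItemProperty -Path $uacKey -ErrorAction SilentlyContinue).EnableLUA
    foreach ($zone in 0..4) {
        $props = Get-ItemProperty -Path (Join-Path $zonesKey "$zone") -ErrorAction SilentlyContinue
        $raw = $props.'2500'
        if ($null -eq $raw)   { $state = 'Not set (zone default applies)' }
        elseif ($raw -eq 0)   { $state = 'Enabled' }
        elseif ($raw -eq 3)   { $state = 'Disabled' }
        else                  { $state = "Unknown ($raw)" }

        [pscustomobject]@{
            Zone          = $zoneNames[$zone]
            ProtectedMode = $state
            UACEnabled    = ($uac -eq 1)   # Protected Mode is inert when UAC is off
        }
    }
}

# Usage: run as the user whose browser configuration you are auditing.
Get-IEProtectedModeStatus | Format-Table -AutoSize
```

Any zone reporting `Disabled`, or `UACEnabled` showing `False`, means the sandbox the summary describes is not in place for that zone at all, regardless of whether the bypass in the paper applies.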
Have you ever looked at a real life sandbox, that kids have been playing in? Notice how there's sand scattered all over the surrounding ground up to six feet away from the box? That's Microsoft's security model right there.
The whole point of a sandbox is to add another layer that the attacker has to punch through before getting root access to the computer. From what I gather it's chaining together multiple vulnerabilities to gain control. First bypassing the protected mode then gaining administrative control over the computer.
Assuming I'm reading things correctly that's to be expected. The real news is that MS' approach of letting security fixes ripen before release has caused what was bad to be far worse. Of course by real news I mean something that's known to everybody except MS.
No, it doesn't assume that. Recognition of the fact that the sandbox is not invulnerable is certainly important, but it is equally important to remember that the goal is to have a perfect sandbox. Once you set your standards lower, from "we hope to make it impossible to break in" to "we hope to make it more difficult to break in", you have already formed the mindset that some bugs are not important. The biggest difference between Linux Kernel development and Windows OS development is that the former treats all bugs as important, while the latter tries to classify some of them as not important, even when they are known to make the system less secure. It is this difference, and not some imaginary idea that crackers only target Windows systems, that accounts for the much higher failure rate of Windows vs. Linux in the malware susceptibility domain.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
What a ridiculous statement. It completely ignores that I stated that it was important to remember that the sandbox is not invulnerable, for starters.
I am privy to it. Microsoft announces that they have no current plans to fix various known security flaws on a regular basis. You will never see that with the Linux Kernel, ever.
And there it is, the hat trick. Three ridiculous assertions of equal absurdity. Good job!