tailieunhanh - Escaping from Microsoft’s Protected Mode Internet Explorer
In Internet Explorer 7 and Windows Vista, Microsoft introduced a new browser security feature called “Protected Mode”. According to Microsoft, this mechanism “significantly reduces the ability of an attack [against Internet Explorer] to write, alter or destroy data on the user’s machine”.1,2 A clearer description is that the feature attempts to protect the integrity of the client machine in the event the browser is compromised in an attack and prevent malware from being persisted on the targeted machine. This paper will describe why this is not currently the case in Internet Explorer 7 or 8 for remote code execution vulnerabilities, discuss the limitations of the feature. | WHITE PAPER Security Solutions veri7on Escaping from Microsoft s Protected Mode Internet Explorer Evaluating a potential security boundary Introduction In Internet Explorer 7 and Windows Vista Microsoft introduced a new browser security feature called Protected Mode . According to Microsoft this mechanism significantly reduces the ability of an attack against Internet Explorer to write alter or destroy data on the user s machine .1 2 A clearer description is that the feature attempts to protect the integrity of the client machine in the event the browser is compromised in an attack and prevent malware from being persisted on the targeted machine. This paper will describe why this is not currently the case in Internet Explorer 7 or 8 for remote code execution vulnerabilities discuss the limitations of the feature by design identify generic attacks patterns that can be used to bypass the feature without user intervention and discuss some inconsistencies in the underlying access control implemented in Microsoft Windows . The Microsoft Security Response Centre MSRC does not regard Protected Mode as a security boundary 3 but there is the intention for it to become a true security boundary in a future version of Internet Once it becomes a formal security boundary Microsoft will patch any successful bypass of the mechanism within their monthly security However since the feature s introduction a wide range of sources at Microsoft and elsewhere have implied or stated security claims about the feature for example The idea behind Protected Mode IE is that even if an attacker somehow defeated every defense mechanism and gained control of the IE process and got it to run some arbitrary code that code would be severely limited in what it could do. - IEBlog 2006 5 What s interesting about this is the fact that Firefox doesn t have the benefit of Protected Mode under Vista which can somewhat mitigate the damage that can be done if Internet Explorer 7 is .
đang nạp các trang xem trước