Home > slashdot > Researchers Bypass IE Protected Mode

Researchers Bypass IE Protected Mode

December 3rd, 2010 12:28 admin Leave a comment Go to comments

Trailrunner7 writes “A new paper from researchers at Verizon Business identifies a method through which an attacker can bypass Internet Explorer Protected Mode and gain elevated privileges once he’s successfully exploited a bug on the system. Protected Mode in Internet Explorer is one of a handful of key security mechanisms that Microsoft has added to Windows in the last few years. It is often described as a sandbox, in that it is designed to prevent exploitation of a vulnerability in the browser from leading to more persistent compromise of the underlying system. In their research, the Verizon Business team found a method that, when combined with an existing memory-corruption vulnerability in the browser, enables an attacker to bypass Protected Mode and elevate his privileges on the compromised machine (PDF). The technique enables the attacker to move from a relatively un-privileged level to one with higher privileges, giving him complete access to the logged-in user’s account.”

Source: Researchers Bypass IE Protected Mode

Related Articles:

  1. Heartbleed Used To Bypass 2-Factor Authentication, Hijack User Sessions
  2. IE Flaw Lets Sites Track Your Mouse Cursor, Even When You Aren’t Browsing
  3. Microsoft Issues Advisory For Internet Explorer Vulnerability
  4. Android Update Lets Malware Bypass Digital Signature Check
  5. Why Mozilla Needs To Go Into Survival Mode
blog comments powered by Disqus