IE ‘Protected Mode’ Vulnerability Revealed
According to investigators at Verizon Business, a vulnerability exists in the 'Protected Mode' mechanism of Internet Explorer, which suggests that other Windows software built on this technology, including Adobe's Reader X and Google's Chrome, could also be problematic.
Fundamentally, 'Protected Mode' works by restricting the privileges available to a particular application process. These privileges are assigned by IE or the OS according to 6 MIC (Mandatory Integrity Control) levels, the lowest of which applies to all applications actively working from the Internet, the least trusted zone.
Nevertheless, the Verizon researchers document methods through which an attacker can raise a process's privileges into zones unsuitable for Protected Mode, such as a network's intranet that uses UNC paths. Alternatively, the privileges can be elevated through phishing sites masquerading as trustworthy websites.
The attack becomes possible when the browser's privilege level is elevated from low integrity to medium integrity. The Verizon researchers state that as soon as the first attack code is used remotely to run malware on the target system at low integrity, the malware sets up a web server listening on a port bound to the loopback interface. InformationWeek published this on December 6, 2010.
The web server then helps to launch an attack to which the local browser characteristically assigns medium integrity, because it falls within the Local Intranet Zone. Executing the attack again leads to persistent malware, as the medium-integrity configuration lets the malicious program persist.
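The loopback web server described above points to a detection: a process running at low integrity that is listening on a loopback port. The following Python is an added example, not code from Verizon or the original article; the CSV layout and sample rows are constructed for illustration, and the `S-1-16-<RID>` values are the standard Windows integrity-level SIDs.

```python
import csv
import io
import ipaddress

# Mandatory Integrity Control levels are carried as SIDs of the form
# S-1-16-<RID>; the RID orders them from least to most trusted.
LOW_RID = 0x1000  # S-1-16-4096, Low (where Protected Mode IE runs)

# Constructed sample: sockets joined with each owning process's integrity SID.
# The column layout is an assumption made for this example.
SAMPLE = """pid,image,integrity_sid,local_addr,port,state
1204,iexplore.exe,S-1-16-4096,127.0.0.1,8080,LISTENING
1204,iexplore.exe,S-1-16-4096,192.0.2.10,49231,ESTABLISHED
860,svchost.exe,S-1-16-16384,0.0.0.0,135,LISTENING
3312,helper.exe,S-1-16-4096,::1,8081,LISTENING
3312,helper.exe,S-1-16-4096,0.0.0.0,8082,LISTENING
2876,devserver.exe,S-1-16-8192,127.0.0.1,3000,LISTENING
"""

def integrity_rid(sid):
    """Return the RID of an integrity-level SID, or None if it is not one."""
    parts = sid.strip().split("-")
    if len(parts) != 4 or parts[:3] != ["S", "1", "16"]:
        return None
    try:
        return int(parts[3])
    except ValueError:
        return None

def low_integrity_loopback_listeners(text):
    """Return listeners reachable via loopback and owned by a process at or below Low."""
    hits = []
    for row in csv.DictReader(io.StringIO(text)):
        if row["state"].upper() != "LISTENING":
            continue
        rid = integrity_rid(row["integrity_sid"])
        if rid is None or rid > LOW_RID:
            continue
        try:
            addr = ipaddress.ip_address(row["local_addr"])
        except ValueError:
            continue
        # A wildcard bind (0.0.0.0 or ::) also accepts loopback connections.
        if addr.is_loopback or addr.is_unspecified:
            hits.append((int(row["pid"]), row["image"], str(addr), int(row["port"])))
    return hits

if __name__ == "__main__":
    for hit in low_integrity_loopback_listeners(SAMPLE):
        print("low-integrity loopback listener:", hit)
```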
Still, according to the Verizon researchers, Protected Mode is useful because at present the majority of malware that runs at low integrity may fail to survive reboots, as it remains unaware of the low integrity level during execution. For instance, the Metasploit Framework, the open-source penetration-testing program that has tested the greatest number of exploits worldwide, is rarely aware of the integrity level.
Verizon says that the latest vulnerability does not directly affect other software that uses Protected Mode, such as Chrome or Reader X. However, it does indicate how such safeguards are vulnerable to attack, given that some mechanism must be trusted at least to a degree.
» SPAMfighter News - 18-12-2010