Free Newsletters

   All InfoWorld Newsletters

MORE ENTRIES
Enterprise Desktop | Randall C. Kennedy » Cracking IE Protected Mode in Vista

November 13, 2007 | Comments: (0)

Cracking IE Protected Mode in Vista

TAGS: Windows Vista

I came across a fascinating article on Windows Vista and the Internet Explorer "Protected Mode." It seems that, even with User Account Control (UAC) enabled, a low-integrity process like IE can manage to grab the handle of a higher-integrity process and potentially inject code into it, compromising the system. Here's the link to the article.

The key is that you have to be running as a non-elevated Administrator (i.e. the Vista default for stand-alone installations). This is different from running as a Vista "Standard" user. Standard users are truly limited in that they are logged-in at a medium integrity level and have no way of elevating their level - for example, to run a high-integrity level process - without first entering credentials for a separate, Administrator-level account. This separate, Administrator account is then used to launch the process on behalf of the Standard user, effectively creating a barrier between the system and any process created by the Standard user.

By contrast, non-elevated Administrators are still members of the Administrators group but are artificially logged-in at medium integrity. To elevate their access they first go through the UAC elevation prompt after which they're allowed to start the requested process at their native high-integrity level.

This distinction is important since it directly affects the level of security afforded by the two operating modes. When running in either mode you see the "Protected Mode: On" message at the bottom of the IE window. However, unless you're running as a Standard User, this visual cue can engender a false sense of security since a non-elevated Administrator account can still be compromised using the aforementioned injection technique.

Bottom Line: To properly lock-down Vista you need to eliminate all non-elevated Administrator accounts and force everyone to use the Standard User model. Microsoft is supposedly working on a fix for this issue and will ship it as part of Service Pack 1. Until then, be smart and ditch that default non-elevated account.

Posted by Randall Kennedy on November 13, 2007 12:49 PM


RATE THIS ARTICLE:





 

  •  
  • COMMENTS



One could easily argue that Kingston is better than Quantum when it comes to RAM and though both are affordable and nearly match each other on price I always lean towards Quantum when I am in need of more or new RAM.

I’ve only had one stick of RAM go bad on me in the past 15 years so when I do need RAM it’s almost always for an upgrade one of my machines. The only other time I get RAM is when someone asks me to do it for them, usually family. Quantum seems to deliver better bus speed when I’ve run them side by side. You’ll be fine buying either brand, just remember you get what you pay for so don’t go to “budget”. Bad RAM is no fun brother.

Posted by: Chris at November 13, 2007 11:41 PM

Chris,

That's all very fascinating...however, I'm not sure what it has to do with my post on IE Protected Mode. :-|

RCK

Posted by: Randall C. Kennedy at November 13, 2007 11:48 PM

Can you say blogspam?

Posted by: Ryan at November 14, 2007 06:49 AM

 

TOP STORIES

 


 

ADDITIONAL RESOURCES

 

 


Technology White Papers

 

InfoWorld Technology Marketplace

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert
Find out when the latest white paper is available:
 
 
» BUY A LINK NOW

Sponsored Technology Links

Copyright © 2007, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service.
All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses,
phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services.