Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Internet Explorer

Researchers Bypass IE Protected Mode 91

Trailrunner7 writes "A new paper from researchers at Verizon Business identifies a method through which an attacker can bypass Internet Explorer Protected Mode and gain elevated privileges once he's successfully exploited a bug on the system. Protected Mode in Internet Explorer is one of a handful of key security mechanisms that Microsoft has added to Windows in the last few years. It is often described as a sandbox, in that it is designed to prevent exploitation of a vulnerability in the browser from leading to more persistent compromise of the underlying system. In their research, the Verizon Business team found a method that, when combined with an existing memory-corruption vulnerability in the browser, enables an attacker to bypass Protected Mode and elevate his privileges on the compromised machine (PDF). The technique enables the attacker to move from a relatively un-privileged level to one with higher privileges, giving him complete access to the logged-in user's account."

Slashdot Top Deals

But it does move! -- Galileo Galilei

Working...