Internet Explorer “Protected Mode” Can Be Bypassed

The Protected Mode in the later versions of Internet Explorer has been proven to be not so “Protected” as previously thought. While it is a security hole, it can also be avoided as much as possible by limiting the trusted Intranet Zone.

Researchers from Verizon Business have now described a way of bypassing Protected Mode in IE 7 and 8 in order to gain access to user accounts. The technique requires a vulnerability that allows the execution of malicious code in the browser or in a browser extension. Although the malware will initially only run in the browser’s Low Integrity Mode, it can start a web server on the computer that will respond to requests on any port of the loopback interface. By calling the IELaunchURL() function, an attacker can instruct IE to load a URL from this web server, for instance “http://localhost/exploit.html”. Localhost is generally part of IE’s Local Intranet Zone and, by default, Protected Mode is disabled for content from this zone.

Dustin is the Head Editor of MSTechPages and has been awarded the 2011 Microsoft Community Contributor award. He is in the process of finishing up a book about Windows 7 Tips and Tweaks. Also, a free ebook for Windows 8 keyboard shortcuts is available on this site, with more printable "cheat sheets" coming soon. You can also find him in the Microsoft Community forums (also as a Community Moderator), Tech Support Guy forums, HardForum, and The Windows Club forums, among several others.
View all posts by Dustin
Dustins website
You can leave a response, or trackback from your own site.