Smokey's Security Forums

Topic: Additional information about DEP and the Internet Explorer 0day vulnerability


Gilbert (Topic starter, Updates Moderator)
Additional information about DEP and the Internet Explorer 0day vulnerability
19 January 2010, 3:13 am

The new Internet Explorer security vulnerability described by Microsoft Security Advisory 979352 has received a lot of interest over the past few days. The Internet Explorer team is hard at work preparing a comprehensive security update to address the vulnerability and the MSRC announced today that as soon as the update is ready for broad distribution, it will be released.

We have heard several questions from customers attempting to protect their environment in the meantime. Most questions have been around Data Execution Protection (DEP), a mitigation we discussed in our previous blog post. To help you better understand DEP specifically as it relates to Internet Explorer 8, we have prepared the following video where I discuss some of the higher level concepts:

To summarize:

Which versions of Internet Explorer have enabled DEP by default?

Hardware-enforced DEP is enabled by default for Internet Explorer on the following platforms:

· Internet Explorer 8 on Windows XP Service Pack 3,

· Internet Explorer 8 on Windows Vista Service Pack 1 and later,

· Internet Explorer 8 on Windows Server 2008, and

· Internet Explorer 8 on Windows 7.

Windows 2000 has no support for hardware-enforced DEP. Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Vista support hardware-enforced DEP but do not have the SetProcessDEPPolicy API that Internet Explorer 8 uses to enable DEP.

How can users of other versions of Windows or Internet Explorer enable DEP?

Windows XP SP2 and Windows Vista RTM users can click this button to launch an MSI that will enable DEP for Internet Explorer.

How can you determine whether hardware-enforced DEP is available with your hardware?

Microsoft KB 912923 [link] describes in more detail how to determine that hardware DEP is available and configured on your computer.

What is the difference between "Software DEP" and hardware-enforced DEP (/NX)?

DEP itself is enabled per process, regardless of application-layer content. However, a well-known DEP bypass is used by attackers to mark pages executable using .NET classes. IE8 does not allow these .NET classes to load in the Internet Zone. In the Intranet Zone, the .NET classes are allowed to load. Therefore, an attacker capable of hosting content on your corporate network may be able to bypass DEP and successfully exploit this vulnerability.

We hope that helps answer questions you may have had about DEP.

Jonathan Ness

*This posting is provided "AS IS" with no warranties, and confers no rights*



Source: Security Research & Defense

>> To obtain the full Microsoft Security Research & Defense article, click the link in the first post line <<
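
A check for the two questions the post raises, whether hardware-enforced DEP is available on the machine and whether running Internet Explorer processes actually have DEP enabled. This is an added example, not part of the original post or of Microsoft's article; it assumes PowerShell 3.0 or later, the `Win32_OperatingSystem` WMI properties and the kernel32 `GetProcessDEPPolicy` function, and the `DepCheck.Native` type name is made up for the example.

```powershell
# Added example: report system-wide DEP configuration and the per-process
# DEP state of running Internet Explorer processes.

# System-wide view: DEP properties exposed by Win32_OperatingSystem.
$policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
$os = Get-CimInstance -ClassName Win32_OperatingSystem
[pscustomobject]@{
    HardwareDepAvailable = $os.DataExecutionPrevention_Available
    SupportPolicy        = $policyNames[[int]$os.DataExecutionPrevention_SupportPolicy]
    DepFor32BitApps      = $os.DataExecutionPrevention_32BitApplications
}

# Per-process view: P/Invoke GetProcessDEPPolicy (the query counterpart of
# SetProcessDEPPolicy). It is supported for 32-bit processes only; 64-bit
# processes always run with DEP, so the call fails for them.
Add-Type -Namespace DepCheck -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool GetProcessDEPPolicy(
    IntPtr hProcess, out uint lpFlags, out bool lpPermanent);
'@

$PROCESS_DEP_ENABLE = 0x1

foreach ($proc in Get-Process -Name iexplore -ErrorAction SilentlyContinue) {
    $flags = [uint32]0
    $permanent = $false
    $state = 'query failed (64-bit process or access denied)'
    try {
        # .Handle opens the process; this throws if access is denied.
        $ok = [DepCheck.Native]::GetProcessDEPPolicy(
            $proc.Handle, [ref]$flags, [ref]$permanent)
        if ($ok) {
            if ($flags -band $PROCESS_DEP_ENABLE) { $state = 'enabled' }
            else { $state = 'DISABLED' }
        }
    } catch {
        $state = "query failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        ProcessId = $proc.Id
        DepState  = $state
        Permanent = [bool]$permanent   # true if the policy cannot be changed
    }
}
```

A `SupportPolicy` of `OptIn` together with an `iexplore` process reported as `DISABLED` is the configuration the post's workaround is meant to change.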
 
