[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <00eb01cb9584$09851750$1c8f45f0$@gmail.com>
Date: Mon, 6 Dec 2010 15:27:41 -0500
From: "John Lightfoot" <jlightfoot@...il.com>
To: "'Ven Ted'" <v3nt3d@...glemail.com>,
"'Thor \(Hammer of God\)'" <thor@...merofgod.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: verizon vs m$
<snip>
Once the initial remote exploit has been used to execute arbitrary code
</snip>
I think Thor's point is if your Intranet is pwned such that it's hosting
remote exploits, you're already screwed.
It's a configuration issue, anyway, so it's easy enough to mitigate against.
My question is why did MS choose to disable Protected Mode by default in the
Local Internet Zone? I've only run across one application that won't run in
Protected Mode, it seems like it should be on by default for all zones.
On Mon, Dec 6, 2010 at 1:49 AM, Thor (Hammer of God) <thor@...merofgod.com>
wrote:
I don't understand how Dan arrived at "Researchers bypass Internet Explorer
Protected Mode" for the article title. Protected Mode isn't being bypassed
at all - the "researchers that figured out a reliable way to bypass the
measure" apparently just noticed that Protected Mode is disabled by default
in the Local Intranet Zone.
Is this something you are concerned about? This would obviously only be
exploitable by accessing sites on one's own intranet by specifically using
intranet nomenclature (and trusted sites, but the user has to add those).
Also, the article (or the researchers) are incorrect about the default
settings for the Intranet zone - it's Medium-low, not Medium. If the
problem one is trying to fix is based on attackers compromising intranet
sites and then posting code for unpatched vulnerabilities that would still
end up only running in the user context, then you've got much bigger
problems, no?
I'm just wondering why you are brining attention to the article, or really,
why it was written in the first place.
t
-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Georgi
Guninski
Sent: Sunday, December 05, 2010 1:26 PM
To: full-disclosure@...ts.grok.org.uk
Subject: [Full-disclosure] verizon vs m$
in a world like this, verizon kills exploder bugs:
http://www.theregister.co.uk/2010/12/03/protected_mode_bypass/
http://www.verizonbusiness.com/resources/whitepapers/wp_escapingmicrosoftpro
tectedmodeinternetexplorer_en_xg.pdf
the language doesn't seem passionate:
-----
Finally, Microsoft and other software vendors should clearly document which
features do and do not have associated security claims. Clearly stating
which features make security claims, and which do not, will allow informed
decisions to be made on IT security issues.
-----
lol
--
joro
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists