Holes in IE Protected Mode leave other apps vulnerable, too
Verizon Business researchers write blueprint for IE weaknesses
Protected Mode is designed to reduce the potential of an attack by keeping malware confined to a sandbox or cache without access to other system resources, rather than letting it be installed on the user's PC.
Adobe recently took that tack with the Adobe Reader X, to prevent malware embedded in PDFs from launching when the victim opened the PDF.
Freeware and shareware security products like Sandboxie and Returnil use similar approaches, which stop short of full virtualization by allowing users to do what they want, but not allowing any changes to applications or settings to survive a reboot.
Unlike Privacy Mode in Firefox, IE's Protected Mode uses privacy settings within the operating system, which also affect other applications that read the same preference settings, including Google Chrome and Reader X.
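To make the two points above concrete, here is an added example (not code from the article, from Verizon Business, or from Microsoft) that models the sandbox as a Windows-style mandatory integrity scheme with a "no write up" rule, and models the shared per-zone setting as one table that several applications consult. The integrity labels, file paths, zone names, and the list of consuming applications are constructed for illustration; the only thing taken from the article is that several client applications honour the same Protected Mode setting.

```python
"""Toy model of a Protected-Mode-style sandbox and of a shared zone table.

Added example, not code from the article or from any vendor. Assumptions:
- a Windows-like mandatory integrity scheme (low < medium < high) with a
  "no write up" rule: a process may write only to objects at or below its level;
- when Protected Mode is on for a zone, content from that zone runs the browser
  at low integrity; when it is off, the browser runs at the user's medium level;
- several applications read one shared zone table, so one weak entry affects all.
All data below is constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass

LEVELS = {"low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class Resource:
    path: str
    integrity: str  # label on the object


@dataclass(frozen=True)
class Process:
    name: str
    integrity: str  # level the process runs at


def can_write(proc: Process, res: Resource) -> bool:
    """No-write-up rule: allowed only if the process level >= the object label."""
    return LEVELS[proc.integrity] >= LEVELS[res.integrity]


# Constructed object labels: only the browser's own temp area is low integrity.
RESOURCES = [
    Resource(r"C:\Users\alice\AppData\Local\Temp\Low\page.tmp", "low"),
    Resource(r"C:\Users\alice\AppData\Roaming\Startup\autorun.lnk", "medium"),
    Resource(r"C:\Windows\System32\drivers\etc\hosts", "high"),
]

# Shared zone table (constructed): True means Protected Mode is on for that zone.
SHARED_ZONE_SETTINGS = {
    "Local intranet": False,
    "Trusted sites": False,
    "Internet": True,
    "Restricted sites": True,
}

# Applications that, per the article, honour the same setting (constructed list).
CONSUMERS = ["Internet Explorer", "Google Chrome", "Adobe Reader X"]


def integrity_for_zone(zones: dict[str, bool], zone: str) -> str:
    """Content from a zone with Protected Mode on runs at low integrity, else medium."""
    return "low" if zones[zone] else "medium"


def process_for_zone(app: str, zone: str, zones: dict[str, bool] = SHARED_ZONE_SETTINGS) -> Process:
    return Process(app, integrity_for_zone(zones, zone))


def writable_by(proc: Process) -> list[str]:
    """Paths the given process could modify under the no-write-up rule."""
    return [r.path for r in RESOURCES if can_write(proc, r)]


def unprotected_zones(zones: dict[str, bool]) -> list[str]:
    """Audit helper: zones where Protected Mode is off (a defender's check)."""
    return sorted(z for z, on in zones.items() if not on)


def exposure_report(zones: dict[str, bool] = SHARED_ZONE_SETTINGS) -> dict[str, list[str]]:
    """For each consuming app, the zones in which it would run at medium integrity.
    Because the table is shared, every app gets the same answer."""
    weak = unprotected_zones(zones)
    return {app: list(weak) for app in CONSUMERS}


def hardened(zones: dict[str, bool]) -> dict[str, bool]:
    """The corrected table: Protected Mode on in every zone."""
    return {z: True for z in zones}


if __name__ == "__main__":
    for zone in SHARED_ZONE_SETTINGS:
        p = process_for_zone("Internet Explorer", zone)
        print(f"{zone:16} -> {p.integrity:6} can write: {writable_by(p)}")
    print("zones without Protected Mode:", unprotected_zones(SHARED_ZONE_SETTINGS))
    print("after hardening:", unprotected_zones(hardened(SHARED_ZONE_SETTINGS)))
```

The point the model makes is the one the article makes: the sandbox only protects content that runs at the lower level, the lower level is chosen per zone, and the zone table is shared, so a single zone left without Protected Mode weakens every application that reads that table until the table itself is corrected.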
The paper mapped out ways attackers could elevate their own processes to a privilege level high enough that Protected Mode would no longer apply, for example by launching a process as a virtual Web server that appears to be inside a protected zone.
The paper is a more detailed breakdown and instruction set on weaknesses in IE's security, but the weaknesses aren't any secret. Neither is the inherent risk of having three (or half a dozen) client-side applications use the same security settings, which are often misapplied by the end user.
It also underscores, along with the WikiLeaks threat to post corporate documents as well as government info, the need for comprehensive data-loss protection software and some level of assistance or control over user settings at the endpoint.
Some security gateways will filter and reject users trying to connect if the machines they're dialing in with don't satisfy a set of security configuration requirements -- functional, up-to-date antivirus software, Windows security settings that don't wave provocatively at hackers and malware every time your users go outside the firewall -- anything you want.
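As an added example of the kind of admission check such a gateway performs (not code from the article or from any gateway product), the following evaluates a constructed endpoint self-report against a simple admission policy. The field names, thresholds, and sample reports are assumptions chosen for illustration; the one design point worth copying is that a missing or malformed field fails the check rather than passing it.

```python
"""Minimal endpoint posture gate, as an added illustration of the admission
checks described in the article. Not from the article or any product.
Field names and thresholds are assumptions; sample reports are constructed."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    max_av_definition_age_days: int = 3
    max_os_patch_age_days: int = 30
    require_protected_mode_all_zones: bool = True
    require_firewall: bool = True


def _get_int(report: dict, key: str) -> int | None:
    """Non-negative integer or None; bool is rejected even though it subclasses int."""
    v = report.get(key)
    return v if isinstance(v, int) and not isinstance(v, bool) and v >= 0 else None


def _get_bool(report: dict, key: str) -> bool | None:
    v = report.get(key)
    return v if isinstance(v, bool) else None


def evaluate_posture(report: dict, policy: Policy = Policy()) -> tuple[bool, list[str]]:
    """Return (admit, reasons). Fails closed: anything unreported counts as a failure,
    so a client that simply omits a field cannot get past the gate."""
    failures: list[str] = []

    if _get_bool(report, "av_running") is not True:
        failures.append("antivirus not running or not reported")

    av_age = _get_int(report, "av_definitions_age_days")
    if av_age is None or av_age > policy.max_av_definition_age_days:
        failures.append(
            f"antivirus definitions older than {policy.max_av_definition_age_days} days or unreported"
        )

    patch_age = _get_int(report, "os_patch_age_days")
    if patch_age is None or patch_age > policy.max_os_patch_age_days:
        failures.append(
            f"OS patches older than {policy.max_os_patch_age_days} days or unreported"
        )

    if policy.require_protected_mode_all_zones and _get_bool(report, "protected_mode_all_zones") is not True:
        failures.append("browser Protected Mode not enabled for all zones or not reported")

    if policy.require_firewall and _get_bool(report, "firewall_enabled") is not True:
        failures.append("host firewall disabled or not reported")

    return (not failures, failures)


# Constructed sample reports for a compliant, a non-compliant, and an evasive client.
SAMPLE_REPORTS = {
    "compliant": {
        "av_running": True, "av_definitions_age_days": 1, "os_patch_age_days": 12,
        "protected_mode_all_zones": True, "firewall_enabled": True,
    },
    "stale": {
        "av_running": True, "av_definitions_age_days": 9, "os_patch_age_days": 45,
        "protected_mode_all_zones": True, "firewall_enabled": True,
    },
    "omits_fields": {
        "av_running": True, "av_definitions_age_days": 0,
        # os_patch_age_days, protected_mode_all_zones and firewall_enabled missing
    },
    "type_confused": {
        "av_running": "yes", "av_definitions_age_days": True, "os_patch_age_days": "0",
        "protected_mode_all_zones": 1, "firewall_enabled": "true",
    },
}


if __name__ == "__main__":
    for name, rep in SAMPLE_REPORTS.items():
        admit, why = evaluate_posture(rep)
        print(f"{name:14} admit={admit} {why}")
```

A production gateway would verify the report's origin rather than trusting a self-report, but the evaluation logic itself stays this small; the value is in deciding what the policy requires and in refusing anything the client does not positively demonstrate.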
It will increase the amount of work you have to put into each machine and into training each end user, at least for a while.
But if you're not about to convert most of your desktops and mobile client hardware to virtualized versions, you're way too exposed, to the point that it's almost irresponsible not to use WikiLeaks and the holes in Protected Mode to push for solid, consistent client-side security, even if business unit managers have managed to resist it in the past.