A recent blog post by security researchers with HP claimed that there is a simple way for hackers to exploit the sandbox security measures in place within most versions of Microsoft Internet Explorer (IE), and Microsoft apparently has no plans to fix the vulnerability.
The HP blog post explains the exploit, saying that it is incredibly easy for malicious actors to surreptitiously install malware on end-users’ computers through the Internet Explorer browser by utilizing this vulnerability.
The vulnerability allows hackers to employ a technique that bypasses part of the Microsoft Windows sandbox system. The technique “does give the attacker a significant advantage by giving them higher-level access than a typical exploit might in Internet Explorer, by allowing them to escape the sandbox,” Robert Hansen, a vice president at WhiteHat Labs, wrote in an e-mail to Ars Technica. “In practical terms this is a very important finding, because it can be tied into existing exploits that might otherwise not be able to escape the IE sandbox.”
Bypassing the sandbox requires a cybercriminal to create a fake Web server capable of executing a reliable exploit against the computer’s localhost address, which is used for communicating with applications on the same local system.
The sandbox system used by Windows employs a Protected Mode that assigns the majority of Web content to a low integrity level, which has very limited access to the sensitive parts of the operating system. A bypass technique lets attack code run with medium integrity privileges, unconstrained by the sandbox. Researchers at HP were able to identify a simple way to insert attack code into the medium integrity level reserved for normal Windows users.
Vulnerability Increases Ease of Attacks
Internet Explorer’s sandbox system requires cybercriminals to launch two simultaneous attacks: one aimed at the sandbox itself and another that attacks a vulnerability elsewhere in the system. Being able to skip the first attack entirely makes it exponentially easier for hackers to utilize system exploits.
The bypass method works on all versions of Internet Explorer except IE 11 running on Windows 8.1. The vulnerability was first discovered by Verizon in 2010 while examining IE 7. The HP researchers were able to show that the exploit is still readily available four years later. In fact, many cybersecurity researchers have looked into the vulnerabilities of Internet Explorer, according to Infosecurity Magazine, and found that exploits for IE have grown over 100 percent since last year. IE vulnerabilities have surpassed those of Flash and even Java, which previously held the top title.
With these types of vulnerabilities becoming more common, it is increasingly important for businesses to stop relying on software companies to provide security for them. Implementing enterprise security measures is more important than ever, and just a few simple safeguards can drastically improve a business’s security posture.
Authentication is an easy way to radically enhance the protection of enterprise networks. Methods using two-factor authentication require users to prove they deserve access to certain systems and applications, creating an extra barrier between cybercriminals and sensitive business information.