IE 8 Hacks Slowed by Windows Safeguards

Even a fire-proof safe needs additional protective measures, and Internet Explorer 8 on Windows 7 is no different.

Such was the view of Microsoft security maven Paul Cooke, commenting on the recent "Pwn2Own" contest at the CanSecWest security conference, which was held last week in Vancouver. IE 8 got hacked in two minutes during the contest.

A hacking mainstay from Germany who goes by the nickname "Nils," along with Peter Vreugdenhil, found ways to disable IE 8's touted DEP (data execution prevention) and ASLR (address space layout randomization) protections, which are two of the most vaunted anti-exploit features in Windows Vista and Windows 7. Nils also was a big winner at last year's Pwn2Own contest.

Even though two minutes seems like a short time, delaying hacker success is part of the security goal, according to Cooke.

"A stronger fire-proof safe with several defense in depth features still won't guarantee the valuables forever, but adds significant time and protection to how long the contents will last," Cooke wrote in a blog.

Hackers targeted Microsoft's Internet Explorer 8 on Windows 7 and IE 7 on Vista and XP during the contest. They showcased their intrusion skills and competed to win prizes of up to $10,000.

Cooke noted in the blog that Microsoft's newer operating systems, such as Vista and Windows 7, provide additional "defense in depth" protections over previous OSes. H.D. Moore, Rapid7's chief security officer, largely concurred with that view, but he added a caveat.

"The [recent Pwn2Own contest] made one thing clear: efforts by software vendors to improve the resiliency of their operating systems are paying off, but application-specific vulnerabilities are still a serious threat," Moore said. He added that the defense-in-depth protections of the OSes did slow down the Pwn2Own hacking efforts somewhat.

"The complexity of the Internet Explorer exploit used [by the winners] to bypass both DEP and ASLR should be seen as a positive thing for security," said Moore, who is a security researcher, hacker and founder of the Metasploit Project, which tracks software vulnerabilities. "Just one year ago the same type of vulnerability would have exploitable by anyone with basic skills and an hour of time to burn."

Security software entrepreneur Phil Lieberman had a simple response to the two-minute knockout of IE 8.

"Cool and bravo," said Lieberman, who is president of Lieberman Software. "Maybe this will wake up Microsoft to stabilize and secure their browser. IE 8 was worse than IE 7 from a compatibility and performance point of view. It looks like IE 9 will use a more secure architecture built on the new Vista and Windows 7 core."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.


  • Microsoft Expands Azure AD Password Lengths, Adds Conditional Access Controls

    Microsoft announced a couple of Azure Active Directory enhancements this week regarding password lengths and new conditional access controls for IT pros.

  • Attack Surface Analyzer 2.0 Available for Checking Software Installs

    Microsoft this week described Attack Surface Analyzer 2.0, an updated tool for checking software installations that's now built using open source code.

  • What Causes Hyper-V Replication Failures?

    Hyper-V replication failures happen rarely, but their impact can be catastrophic when they do. Know the scenarios that are likely to trigger a replication failure.

  • Microsoft Touts Using HyperClear To Address Intel Processor Woes

    Microsoft is again promoting its HyperClear Hyper-V hypervisor technology as a potential balm for organizations trying to come to grips with Intel's latest speculative execution side-channel attack disclosures.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.