On CBS.com: Enter For Chance to Tour Set of MEDUM
BNET Business Network:
BNET
TechRepublic
ZDNet

September 20th, 2006

Hardware DEP saves day again on VML IE exploit

Posted by George Ou @ 3:43 pm

Categories: Security, Servers

Tags:

After some testing on the VML zero-day exploit for Internet Explorer, I have managed to verify that hardware-enforced DEP will prevent the exploit from launching.  IE will simply generate a DEP error asking you if you want to make a DEP exception for Internet Explorer (which you should say NO) and crash Internet Explorer.  Without hardware-enforced DEP, my test machine would have been owned by a ton of Malware from the websites I was testing on.

This is the third time in a row that hardware-enforced DEP has preemptively protected me from a zero-day Internet Explorer exploit.  The first time I verified this was with the WMF exploit, the second time was a zero-day IE exploit this March.  Therefore I highly recommend people enable DEP protection in Windows XP SP2 and Windows Server 2003 SP1 and never buy a CPU without NX or XD capability.  This DEP guide I did earlier this year is still relevant.  It doesn’t have the newer CPUs listed but they all have DEP capability except the cheapest Socket A CPUs from AMD.  But even with hardware-enforced DEP enabled, it is still a good idea to implement the workarounds for this VML exploit.

According to this blog (via Alex from Sunbelt BLOG), even software-enforced DEP will mitigate this VML issue.  This was not the case in the WMF zero-day exploit when only hardware-enforced DEP would work which means it isn’t worthless in all situations.  So even if you don’t have a modern CPU, you should follow this guide and implement DEP.  I’m a bit nervous about software-enforced DEP because Microsoft originally stated that it would work against the WMF exploit and then had to retract that claim.  But it’s better than nothing I guess.

George Ou is Technical Director of ZDNet. See his full profile and disclosure of his industry affiliations.

  • Talkback
  • Most Recent of 21 Talkback(s)
"Orchestrated Assault" - back it up now?
George, can you finally back up your aggressive accusations that
there was an "orchestrated assault" against Maynor/Ellch? You said
you had evidence that you were holding onto until more came out -
so let's see it now.... (Read the rest)
Posted by: dgtruckses Posted on: 09/22/06 You are currently: a Guest | | Terms of Use
A Better Solution?  D. T. Schmitz | 09/20/06
Re A better solution  barsteward | 09/20/06
When will you Linux fans get it through your head  nucrash | 09/21/06
Solution = Firefox (NT)  ju1ce | 09/21/06
Solution != Firefox  nucrash | 09/21/06
opera not open source !!!!!  barsteward | 09/21/06
Last I checked...  nucrash | 09/21/06
In the office  D. T. Schmitz | 09/21/06
Depends on the situation  nucrash | 09/21/06
As for that Doughnut  nucrash | 09/21/06
Oh good one!  D. T. Schmitz | 09/21/06
But I do deduct  nucrash | 09/21/06
Who said anything about Linux?  barsteward | 09/21/06
I do...  nucrash | 09/21/06
There is Also.....  LazLong | 09/21/06
Correct  D. T. Schmitz | 09/21/06
What nothing on Apple Wi-Fi?  TonyMcS | 09/21/06
The spin has already started  georgeou | 09/22/06
The "Real Facts"?  LazLong | 09/22/06
"Orchestrated Assault" - back it up now?  dgtruckses | 09/22/06
Annoying Beep  Mr_Inventor | 09/22/06

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Click Here
advertisement

Recent Entries

Top Rated

    Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
    advertisement

    Archives

    ZDNet Blogs

    White Papers, Webcasts, and Downloads

    • Smart Tech Expert advice on innovations in healthcare and the green technologies that make it happen. Find out more
    • Smart Business Discussion and advice on management issues that revolve around making your world smarter and more useful. More Smart Advice
    • Smart People The best and worst moves in the management and strategy trenches. Learn More