 04 February 2014
 Editorials
 Dr. Adrian Wong
 2.0
ED#164 : Warning - Microsoft Opened A Security Hole In Internet Explorer 11 Rev. 2.0

Before anyone asks - yes, I'm still using Internet Explorer, and no, it's not the only Internet browser I use. Sure, it suffers from GDI leaks and it has its share of bugs, but it was still a decent Internet browser. Of course, I was glad to see Microsoft continue working on Internet Explorer.

When they released Internet Explorer 11, I installed it and immediately noticed that it was more stable than Internet Explorer 10. In fact, they seemed to have reduced GDI leaks, although they still seem to be there. Still, I would have irrevocably recommended that everyone using Internet Explorer upgrade to IE11. Internet Explorer 11 is definitely the best IE so far.

However, I have to point out that Microsoft actually introduced a security hole in Internet Explorer 11. This is something you can close, and we will show you how to do that in a moment, but it is absurd for Microsoft to actually open it in the first place.

The security hole that Microsoft opened in Internet Explorer 11 involves the Enhanced Protected Mode feature they introduced in Internet Explorer 10.


 

What Is Enhanced Protected Mode?

When first introduced, Microsoft stated that it "works by extending the existing Protected Mode functionality to help prevent attackers from installing software, accessing personal information, accessing information from corporate Intranets, and from modifying system settings. To do this, Enhanced Protected Mode must reduce some of the capabilities available to Internet Explorer, including:

  • Restricting access to personal assets. Restricts Internet Explorer from locations that contain your personal information until you grant permissions to it. This helps prevent unauthorized access to your personal information.

  • Restricting access to corporate assets. Restricts access to valuable information on your corporate network resources by controlling access through the following tab processes:

    • Not allowing Internet tab processes to have access to a user's domain credentials.

    • Not allowing Internet tab processes to operate as local web servers.

    • Not allowing Internet tab processes to make connections to intranet servers."

To do that, Enhanced Protected Mode "isolates untrusted web content in a restricted environment that's known as an AppContainer. This process limits how much access malware, spyware, or other potentially harmful code has to your system."

In addition, Enhanced Protected Mode improves your computer's security using these methods:

64-bit processes - A 32-bit number is large – it’s a little more than 4 billion. A 64-bit address is a much larger number – roughly 18 quintillion and change (18,446,744,073,709,551,616). Not only does a 64-bit number let you address more memory, it also makes existing memory protection features such as ASLR (Address Space Layout Randomization) much more effective. Heap spray attacks, which are used by attackers to plant malicious code at predictable locations, become much more difficult because it isn’t practical to “fill up” a 64-bit address space – you’ll run out of memory and disk space long before any sizable fraction of the address space is sprayed.

Broker process - When you run a program, it has access to anything on the computer that you have access to, including your personal documents. Enhanced Protected Mode restricts Internet Explorer from locations that contain your personal information until you grant permission to it. This helps prevent exploit code from accessing your personal information without your permission. With Enhanced Protected Mode, a “broker process” will grant Internet Explorer temporary access to the file only if you actually click on “Open” on the file upload dialog. Notice that there are no extra prompts. Brokering is done automatically after you choose to open a file. This is like providing a single safe deposit box to Internet Explorer when requested, instead of giving access to the entire safe all of the time.


 

So What's The Problem?

Believe it or not, Microsoft disables Enhanced Protected Mode by default in Internet Explorer 11. Just how serious is this? Well, Microsoft actually has a Knowledge Base article on how to disable Enhanced Protected Mode in IE10. However, they warned that:

"This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk."

So why did they do it? It appears that this is because Enhanced Protected Mode disables incompatible add-ons, which includes the Adobe Acrobat Reader and the Adobe Flash Player. According to Adobe:

"Acrobat products only partially supported EPM with 10.1.8 and 11.0.04. With those versions, incompatible add-ons are automatically disabled when EPM is on. If you encounter a site that needs an add-on such as an Acrobat plug-in, disable EPM for the specific website. Then, you can use the site while having EPM enabled for the rest of the Internet. Only disable EPM for websites you trust. Full support is provided with 10.1.9 and 11.0.06."

Presumably because of this issue, Microsoft decided to disable Enhanced Protected Mode by default in Internet Explorer 11 to allow all add-ons to work. However, this exposes IE11 users to attacks by malicious users or software - the very reason why they added this feature in IE10!


 

How Do We Fix This?

Simple - by re-enabling Enhanced Protected Mode. You will need to do this even though it was already enabled in Internet Explorer 10 and you only upgraded to Internet Explorer 11. Here's a short step-by-step guide:

  1. In Internet Explorer 11, click on Tools and select Internet options.

  2. When the Internet Options window opens up, select the Advanced tab.

  3. Scroll down all the way until you are almost at the very end. Look for "Enable Enhanced Protected Mode". You will notice that it's unchecked.

  4. Click on the checkbox to enable it. Then click OK and restart your computer.

After you restart Windows, Internet Explorer 11 will run with Enhanced Protected Mode enabled. That's it!
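The checkbox can also be audited and set from PowerShell, which helps when several machines or user profiles have to be checked. This is an added example, not part of the original article: the registry value name Isolation and the data PMEM are not given in the article and are assumptions about where the checkbox and the matching Group Policy setting are stored, so confirm them on a test machine first.

```powershell
# Added example: report whether Enhanced Protected Mode (EPM) is on for the
# current user, and turn it on if no policy forbids it.
# Assumption: the checkbox is stored as the string value "Isolation"
# ("PMEM" = enabled) and Group Policy uses the same name under \Policies\.

function Get-EpmState {
    $main = 'Software\Microsoft\Internet Explorer\Main'
    $pol  = 'Software\Policies\Microsoft\Internet Explorer\Main'
    # Policy locations take priority over the user's own checkbox.
    $candidates = @(
        @{ Source = 'Machine policy'; Path = "HKLM:\$pol" },
        @{ Source = 'User policy';    Path = "HKCU:\$pol" },
        @{ Source = 'User setting';   Path = "HKCU:\$main" }
    )
    foreach ($c in $candidates) {
        $item = Get-ItemProperty -Path $c.Path -Name 'Isolation' -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{
                Source  = $c.Source
                Value   = $item.Isolation
                Enabled = ($item.Isolation -eq 'PMEM')
            }
        }
    }
    # Nothing set anywhere: IE11 uses its default, which the article reports as off.
    [pscustomobject]@{ Source = 'Default'; Value = $null; Enabled = $false }
}

function Enable-Epm {
    $path  = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    $state = Get-EpmState
    if ($state.Enabled) { return $state }
    if ($state.Source -like '*policy') {
        # A per-user write would be overridden, so report instead of writing.
        Write-Warning "EPM is turned off by $($state.Source); change the policy instead."
        return $state
    }
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -Path $path -Name 'Isolation' -Value 'PMEM' -Type String
    Get-EpmState
}

Get-EpmState | Format-List
```

Run `Enable-Epm` in the affected user's session, then restart as in step 4 so that Internet Explorer picks up the change.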

 

What About Adobe Acrobat Reader / Flash Player?

Even though Adobe claims that the Adobe Acrobat Reader will fully support the Enhanced Protected Mode as of version 11.0.06 (released on the 14th of January, 2014), it still reports that it is incompatible with Enhanced Protected Mode whenever I attempt to view a PDF file on IE11. See the example below (taken with Adobe Acrobat Reader 11.0.06.70):

[Screenshot: Enhanced Protected Mode problem with Adobe Acrobat Reader]

When you encounter this pop-up, you have to decide if you wish to view the PDF document directly on the browser for that website. You can always download it to your computer and open it manually using Adobe Acrobat Reader.

If you prefer to view the PDF document directly on the browser, you must be sure that you trust the website. If you do, all you need to do is click on the Run Control button. Once you do that, Enhanced Protected Mode will be disabled for that website permanently so that Acrobat Reader will never face the same problem again.

Please note again that clicking on Run Control will permanently disable Enhanced Protected Mode for the website on which you are viewing the PDF file. So you have to be very sure that it's a trustworthy website.


Revision History

  • 29-01-2014 (Rev. 1.0): Initial Release.

  • 04-02-2014 (Rev. 2.0): Added more details on how Enhanced Protected Mode works. Added details on Enhanced Protected Mode compatibility issues with Adobe Acrobat Reader and Adobe Flash Player. Added a new section on "fixing" Enhanced Protected Mode compatibility issues with Adobe Acrobat Reader and Adobe Flash Player.





 
   

 


Copyright © Tech ARP.com. All rights reserved.