Introduction

Internet Explorer Protected Mode is a reduced-rights operational mode of Internet Explorer where the security manager itself enforces a policy of not allowing write access to most file system, registry, and other securable objects by default. This mode does provide special sandbox file system and registry space that is permitted to be written to by Internet Explorer when operating in Protected Mode.

While there exist some fundamental shortcomings of Protected Mode as it is currently implemented, such as an inability to protect user data from being read by a compromised browser process, it has been thought to be effective at blocking most write access to the system from a compromised browser. The benefit of this is that if one is using Internet Explorer and a buffer overrun occurs within IExplore.exe, the persistent impact should be lessened. For example, instead of having write access to everything accessible to the user's account, exploit code would instead be limited to being able to write to the low integrity section of the registry and the low integrity temporary files directories. This greatly impacts the ability of malware to persist itself or compromise a computer beyond just IExplore.exe without some sort of user interaction (such as persuading a user to launch a program from an untrusted location with full rights, or other social engineering attacks).