UAC to the rescue!
Windows Vista’s new User Account Control is already earning its keep! New attacks were reported this weekend that take advantage of a vulnerability in how Windows handles animated mouse cursors. A patch is due out tomorrow (apparently it’s been pushed up from an original April 10th release date). The patch will address the issue on XP and on Vista. Yes, the vulnerability exists on Vista. And yet, most Vista users are protected from these attacks already.
That is, assuming they have UAC enabled and are using IE7. On Windows Vista with UAC enabled, Internet Explorer runs in “Protected Mode” which successfully protects you from all known web-based attacks that use this vulnerability. How does it do that? Basically, “Protected Mode” runs IE in a “sandbox” of sorts, and doesn’t allow it to access anything but its own files and registry keys. If an attacker can successfully inject code into your web browser, and the browser is running in Protected Mode (also known as the “low” UAC integrity level) – that code is prevented from doing any harm.
To all the UAC naysayers – this is certainly only the first of many examples proving its value (especially it’s use in IE’s Protected Mode).