Integrity Mechanism
[Figure: IE7 in protected mode (Low IL); IEInstal.exe, Admin Broker (High IL), Administrative Rights Required; IEUser.exe, User Broker (Medium IL), User Rights Required; Compatibility Layer, Low Rights Required]
Registry protection
Not only files are protected, but also registry entries
Modifications of system files are made only
through the trusted installer
Trusted installer is called for updates (only accepts
signed updates)
Resolves a major security issue with earlier
Windows versions
Privilege escalation
Processes by the same user can be running with medium or
high privileges
Since a medium privilege process can write to the current user
registry, it can modify entries that control the behavior of the
same user’s high-privilege processes (if written to that user’s
registry)
By default, user processes and files have medium integrity level,
while IE7 (as before) is low integrity
Examples of privilege escalation from low → medium → high →
local system are provided by Matthew Conover, Principal
Security Researcher, Symantec Corporation, in “Analysis of the
Windows Vista Security Model,” a SYMANTEC ADVANCED
THREAT RESEARCH technical report
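The no-write-up rule behind these slides can be modeled in a few lines. This is an added example, not code from the slides or from Windows: it reads the mandatory label ACE out of an SDDL string and decides whether a caller at a given integrity level passes the label check for writing. The sample descriptors and the names `object_label`, `write_allowed` and `audit` are constructed for illustration; the DACL check is not modeled.

```python
import re

# Integrity levels by SDDL SID alias; values are the S-1-16-* label RIDs.
LEVELS = {"LW": 0x1000, "ME": 0x2000, "HI": 0x3000, "SI": 0x4000}
# An object with no label ACE is treated as medium integrity, no-write-up.
DEFAULT_LABEL = ("ME", {"NW"})
# Mandatory label ACE, e.g. (ML;;NW;;;LW). Only string-form masks are handled.
LABEL_ACE = re.compile(r"\(ML;[^;]*;((?:NW|NR|NX)*);;;(LW|ME|HI|SI)\)")

# Constructed sample descriptors (assumptions, not taken from a real system).
SAMPLES = {
    "ie_low_cache": "D:(A;;FA;;;BU)S:(ML;;NW;;;LW)",
    "user_profile_file": "D:(A;;FA;;;BU)",  # unlabeled, so medium by default
    "admin_tool": "O:BAG:BAD:(A;;FA;;;BA)S:(ML;;NWNRNX;;;HI)",
}


def object_label(sddl):
    """Return (level_alias, policy_flags) for an object's SDDL string."""
    m = LABEL_ACE.search(sddl)
    if not m:
        return DEFAULT_LABEL
    mask, level = m.groups()
    # The mask is a run of two-letter flags: NW, NR, NX.
    return level, {mask[i:i + 2] for i in range(0, len(mask), 2)}


def write_allowed(caller, sddl):
    """True if the integrity label lets `caller` write (DACL not modeled)."""
    level, policy = object_label(sddl)
    return "NW" not in policy or LEVELS[caller] >= LEVELS[level]


def audit(callers=("LW", "ME", "HI")):
    """Map (object_name, caller_level) to the label-check result."""
    return {(name, c): write_allowed(c, sddl)
            for name, sddl in SAMPLES.items() for c in callers}


if __name__ == "__main__":
    for (name, caller), ok in sorted(audit().items()):
        print(f"{caller} -> {name}: {'passes label check' if ok else 'blocked'}")
```

A medium caller passes the check on every unlabeled object, which is why anything a high-integrity process reads from the same user's medium-labeled registry or files has to be treated as untrusted input.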
Low to Medium
IE7 cannot write files in the user account or
the medium integrity area of the user
registry, including adding startup items
But it may be able to connect through the
loopback interface to a file sharing service and
achieve the same result
Medium to High
A program runs in the background, listening for calls
to consent.exe
When it is called, it checks if it has write privileges to the
caller
Overwrites the caller with its own malicious code
Launched with high privileges
High to LocalSystem
If the high integrity process launched is not LUA restricted,
it can
Take ownership of security objects
Change all registry files to grant administrators full privilege to
system modification
Apply patches to libraries that disable signature checking for
system files
Modify the operating system arbitrarily
There is no longer monitoring of modification of system
files
Still, overall a much stronger security architecture than
earlier versions of Windows