A previously undisclosed vulnerability discovered by researchers from Verizon (NYSE: VZ) Business could allow attackers to bypass Microsoft (NASDAQ: MSFT) Internet Explorer's (IE) Protected Mode. Protected Mode was designed to ensure that any compromise of IE by malicious code will be limited in its ability to cause damage. Unfortunately, the researchers were able to demonstrate how a single exploit, applied first as a remote exploit, and then again to escalate the local privileges appears to circumvent the protection. 

The attack works due to the fact that sockets are not subjected to "Mandatory Integrity Control and that sites in the Local Intranet Zone are rendered with Protected Mode disabled," noted the report. Titled "Escaping from Microsoft's Protected Mode Internet Explorer," the report can be accessed here (.pdf). Having said that, the researchers did note that Protected Mode still serves a purpose, since most exploits do not take it into consideration; vulnerabilities that are opened and hence unlikely to persist across reboots.

For more on this story:
- check out this article at Network World
- check out this article at The Register
- check out this article at InformationWeek

Related Articles:
Internet Explorer gains ground on the browser front 
Internet Explorer slides below 60 percent market share as Chrome gains ground 
Google now 'paranoid' about security 
Microsoft shares more about GPU acceleration in IE9