Broker processes are designed to limit an attack to low privilege actionsWindows Vista-Flash Player 9 has been released just in time, as Microsoft has made Vista available for download via MSDN subscriptions. The Redmond Company, through the voice of Marc Silbey, Program Manager, has welcomed the result of the close partnership between Microsoft and Adobe.
Aside from being designed with Windows Vista in mind, the brand new Adobe Flash Player 9 also works with Internet Explorer 7 protect mode serving as a model of implementation for additional browser extensions.
"IE7 includes a special feature called Protected Mode where the IE process runs with low privileges. This helps IE significantly reduce the ability of an attack to write, alter or destroy data on the user's machine or to install malicious code. These defenses also limit legitimate actions like saving browser settings, which is why Protected Mode includes broker processes to handle IE's elevated actions. Similarly, yesterday's Flash update includes a broker process to handle Flash's specific elevated actions," said Silbey.
IE7 Protect Mode is a feature found exclusively on Windows Vista. IE7 on Windows XP SP2 can't run with low privileges. In this context, broker processes are designed to limit an attack to low privilege actions. "You can safely handle hijacked calls by validating all input and by asking the user to make a trust decision in UI appropriate scenarios. For example, the IEUser.exe broker launches the Internet Options dialog when it gets a known call from Protected Mode. This prevents the Protected Mode process from silently changing the user's browser settings such as the homepage or security slider," added Silbey.