In our previous blog post, we explained how DEP works and how to determine if / how a process opted-in to DEP. Now we will demonstrate how DEP can be used to mitigate the risk of a real-world attack.

We published a security advisory in February describing an Excel vulnerability in fully-patched Excel being used in limited targeted attacks. As we noted in the SRD blog, the exploits target Office 2007 running on Windows XP. We will demonstrate now how to opt Excel in to DEP to help mitigate attempts to exploit this vulnerability.

First, why does Excel not opt-in to DEP by default?

If you look at the sysmain.sdb on Windows XP SP2 or the “DLL Characteristics” header value of iexplore.exe (IE 7) or excel.exe (or any Office application) you can see that these processes do not opt-in to DEP by default. Both IE 7

Tags: activex, database, defense-in-depth, environment, exploit, explorer, internet, sms, vulnerability

This entry was posted on Friday, June 12th, 2009 at 1:48 pm and is filed under Microsoft Research & Defense. You can follow any responses to this entry through the RSS 2.0 feed.