User Interface Privilege Isolation
   HOME

TheInfoList



Click Here for Items Related To - User Interface Privilege Isolation
OR:
User Interface Privilege Isolation on:   [Wikipedia]   [Google]   [Amazon]

User Interface Privilege Isolation (UIPI) is a technology introduced in
Windows Vista Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, which was released five years before, at the time being the longest time span between successive releases of ...
and
Windows Server 2008 Windows Server 2008 is the fourth release of the Windows Server operating system produced by Microsoft as part of the Windows NT family of the operating systems. It was released to manufacturing on February 4, 2008, and generally to retail on F ...
to combat shatter attack exploits. By making use of Mandatory Integrity Control, it prevents processes with a lower "integrity level" (IL) from sending messages to higher IL processes (except for a very specific set of UI messages). Window messages are designed to communicate user action to processes. However, they can be used to run arbitrary code in the receiving process' context. This could be used by a malicious low-privilege processes to run arbitrary code in the context of a higher-privilege process, which constitutes an unauthorized
privilege escalation Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The re ...
. By restricting the ability of lower-privileged processes to send window messages to higher-privileged processes, UIPI can mitigate these kinds of attacks. UIPI, and Mandatory Integrity Control more generally, is a security feature but not a security ''boundary''.
Microsoft Office 2010 Microsoft Office 2010 (codenamed Office 14) is a version of Microsoft Office for Microsoft Windows unveiled by Microsoft on May 15, 2009, and released to manufacturing on April 15, 2010, with general availability on June 15, 2010, as the success ...
uses UIPI for its Protected View
sandbox A sandbox is a sandpit, a wide, shallow playground construction to hold sand, often made of wood or plastic. Sandbox or Sand box may also refer to: Arts, entertainment, and media * Sandbox (band), a Canadian rock music group * ''Sand ...
to prohibit potentially unsafe documents from modifying components, files, and other resources on a system.


References

{{Windows Components Windows Vista Microsoft Windows security technology