Security Research & Defense : Additional information about DEP and the Internet Explorer 0day vulnerability
If you haven’t enabled DEP yet, you need to. What is it? Data Execution Prevention (DEP) is a security feature included in Microsoft Windows XP and later operating systems that is intended to prevent an application or service from executing code from a non-executable memory region.
This helps prevent certain exploits, for example those that store code in memory via a buffer overflow. DEP runs in two modes: hardware-enforced DEP for CPUs that can mark memory pages as non-executable, and software-enforced DEP, which offers more limited protection on CPUs that do not have hardware support.
From the Security Research and Defense blog:
Which versions of Internet Explorer have enabled DEP by default?
Hardware-enforced DEP is enabled by default for Internet Explorer on the following platforms:
· Internet Explorer 8 on Windows XP Service Pack 3,
· Internet Explorer 8 on Windows Vista Service Pack 1 and later,
· Internet Explorer 8 on Windows Server 2008, and
· Internet Explorer 8 on Windows 7.
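
One way to check this on a given machine, as an added example that is not part of the original post or the Security Research and Defense blog: the PowerShell below reads the system-wide DEP policy from WMI and asks Windows whether DEP is on for each running `iexplore` process. The function names and the `DepCheck.Native` type name are made up for this example; it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example. P/Invoke wrapper for the kernel32 GetProcessDEPPolicy API.
Add-Type -Namespace DepCheck -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool GetProcessDEPPolicy(IntPtr hProcess, out uint lpFlags, out bool lpPermanent);
'@

# Values of Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy.
$policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }

function Get-SystemDepStatus {
    # System-wide view: is hardware DEP available, and which policy is in force?
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    [pscustomobject]@{
        HardwareDepAvailable = $os.DataExecutionPrevention_Available
        SupportPolicy        = $policyNames[[int]$os.DataExecutionPrevention_SupportPolicy]
        AppliesTo32BitApps   = $os.DataExecutionPrevention_32BitApplications
    }
}

function Get-ProcessDepStatus {
    param([string]$Name = 'iexplore')
    # Per-process view. The API reports on 32-bit processes; the call fails for
    # 64-bit processes and for processes whose handle cannot be opened.
    foreach ($p in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        $flags = [uint32]0
        $permanent = $false
        $ok = $false
        try {
            $ok = [DepCheck.Native]::GetProcessDEPPolicy($p.Handle, [ref]$flags, [ref]$permanent)
        } catch { }   # access denied, or the process exited in the meantime
        [pscustomobject]@{
            ProcessId  = $p.Id
            Queried    = $ok
            DepEnabled = if ($ok) { [bool]($flags -band 1) } else { $null }  # 0x1 = PROCESS_DEP_ENABLE
            Permanent  = if ($ok) { $permanent } else { $null }
        }
    }
}

Get-SystemDepStatus
Get-ProcessDepStatus -Name iexplore
```

A `DepEnabled` value of `False` on an Internet Explorer process is the case to act on. A row with `Queried` set to `False` means the policy could not be read for that process, not that DEP is off.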