Hardly has Microsoft`s Windows 8 operating system hit the shelves and French penetration-testing company Vupen claims to have defeated the security mechanisms built into it. According to a tweet by Vupen Chief Executive Chaouki Bekrar, the company has found a way to circumvent all zero-day defense mechanisms built into the OS and the Internet Explorer 10 component.
“We welcome #Windows8 with various 0Ds combined to pwn all new Win8/IE10 exploit mitigations. Congrats to our mitigation mitigator @n_joly”, reads the tweet.
Security-wise, Windows 8 is the safest operating system ever released by Microsoft. The inclusion of technologies such as SafeBoot and ELAM, along with a better-sandboxed Internet Explorer 10, was supposed to keep rootkit-based malware at bay and to prevent threats originating from the web to exploit the browser, respectively. However, regardless of the effort, most malware running in the user-space of the operating system has no “compatibility issues” in transitioning from Windows 7 to Windows 8.
What`s even more worrying is that Vupen is known to deny sharing of the exploits they find outside of their circle of customers, unlike other members of the security industry who immediately document the threat and present the vendor a PoC. This business model dramatically enlarges the window of opportunity for attacking parties and exposes users to unnecessary risks.
Until this alleged zero-day exploit gets fixed, Windows 8 adopters are advised to run an up-to-date security solution and to pay great attention to what web pages they are pointing their browser to.
tags
A blend of product manager and journalist with a pinch of e-threat analysis, Loredana writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair.
View all postsSeptember 06, 2024
September 02, 2024
August 13, 2024