Think Information. Think Security.
Windows 8 was released late last week, and already this week French security firm VUPEN says it has broken Microsoft’s latest and greatest security features. The company claims it has developed a 0-day exploit for Windows 8 and IE10, by chaining multiple undisclosed flaws together.

VUPEN finds exploits in popular software from major technology companies like Microsoft, Apple, and Google, only to sell the details to governments around the world and various other parties willing to write massive cheques. The exploits aren’t reported to the companies affected, but are instead sold so that: VUPEN customers can protect themselves (while their competitors are left vulnerable), they can be abused for spying purposes, and they can be used to create malware. This is why, you’ll note that this latest victory was only possible thanks to multiple already-existing 0-days that VUPEN found and did not disclose publicly. If it had, it would not be able to sell them, nor would it be able to hack Windows 8, as Microsoft would have already patched the flaws long ago.

Windows 8 builds on the security improvements made in Windows 7 and Windows Vista, but no software is perfect. Unfortunately, until Microsoft or someone else figures out how VUPEN did it, Windows 8 won’t be patched. On the bright side, typical hacker won’t be able to figure this one out either: Windows 8 raises the security bar even higher than before, and if it was easy, someone would have beaten VUPEN to it long ago. After all, many have had access to the final version of Windows 8 long before it was released last Friday.

Cross-posted from: The Next Web

Leave a Reply.