Security specialist VUPEN claims to have developed a zero-day exploit
for Microsoft’s latest Windows 8 operating system, and is willing to
sell the code to the highest bidder. Based in France, VUPEN makes its
money by developing zero-day exploit code which attacks systems through vulnerabilities not yet publicly known.
Zero-day exploits are the best type of exploit for crackers because nobody knows about the exploit therefore there is no protection from it. As the exploit is used in the wild, it gradually comes to peoples’ attention and will eventually be patched – but there is a gap, sometimes days, sometimes years, between a zero-day exploit being developed and the company responsible working to patch for the flaw. Microsoft claims they have improved the security within the operating system. In particular, Internet Explorer 10 has been hardened in a variety of ways to close off what is a common attack surface on desktop and laptop machines.
VUPEN claims that Microsoft have missed something along the way by combining various existing zero-day attacks from its database, the company claims to have developed code to – in the words of the company’s chief executive officer Chauoki Bekrar – ‘pwn all new Win8/IE10 exploit mitigations’ and allow remote code to be executed on a machine.
The news could be disastrous for Microsoft, which declared that it had sold over four million copies of Windows 8 in the three days following its launch last week. If those systems are now vulnerable to attack, the company needs to get working on a fix and fast however VUPEN isn’t going to help.
Zero-day exploits are the best type of exploit for crackers because nobody knows about the exploit therefore there is no protection from it. As the exploit is used in the wild, it gradually comes to peoples’ attention and will eventually be patched – but there is a gap, sometimes days, sometimes years, between a zero-day exploit being developed and the company responsible working to patch for the flaw. Microsoft claims they have improved the security within the operating system. In particular, Internet Explorer 10 has been hardened in a variety of ways to close off what is a common attack surface on desktop and laptop machines.
VUPEN claims that Microsoft have missed something along the way by combining various existing zero-day attacks from its database, the company claims to have developed code to – in the words of the company’s chief executive officer Chauoki Bekrar – ‘pwn all new Win8/IE10 exploit mitigations’ and allow remote code to be executed on a machine.
The news could be disastrous for Microsoft, which declared that it had sold over four million copies of Windows 8 in the three days following its launch last week. If those systems are now vulnerable to attack, the company needs to get working on a fix and fast however VUPEN isn’t going to help.
0 comments:
Post a Comment