1 min read

Malware Already Bypassing Windows 8 Security Mechanisms, French Pen-Tester Says

Loredana BOTEZATU

November 02, 2012

Malware Already Bypassing Windows 8 Security Mechanisms, French Pen-Tester Says

Hardly has Microsoft`s Windows 8 operating system hit the shelves and French penetration-testing company Vupen claims to have defeated the security mechanisms built into it. According to a tweet by Vupen Chief Executive Chaouki Bekrar, the company has found a way to circumvent all zero-day defense mechanisms built into the OS and the Internet Explorer 10 component.

“We welcome #Windows8 with various 0Ds combined to pwn all new Win8/IE10 exploit mitigations. Congrats to our mitigation mitigator @n_joly”, reads the tweet.

Security-wise, Windows 8 is the safest operating system ever released by Microsoft. The inclusion of technologies such as SafeBoot and ELAM, along with a better-sandboxed Internet Explorer 10, was supposed to keep rootkit-based malware at bay and to prevent threats originating from the web to exploit the browser, respectively. However, regardless of the effort, most malware running in the user-space of the operating system has no “compatibility issues” in transitioning from Windows 7 to Windows 8.

What`s even more worrying is that Vupen is known to deny sharing of the exploits they find outside of their circle of customers, unlike other members of the security industry who immediately document the threat and present the vendor a PoC. This business model dramatically enlarges the window of opportunity for attacking parties and exposes users to unnecessary risks.

Until this alleged zero-day exploit gets fixed, Windows 8 adopters are advised to run an up-to-date security solution and to pay great attention to what web pages they are pointing their browser to.

tags


Author



Right now

Top posts

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Supply Chain Attack Detected in PyPI Library Supply Chain Attack Detected in PyPI Library
Silviu STAHIE

August 02, 2021

1 min read
Scam baiter Jim Browning bamboozled by scammers into deleting his own YouTube channel Scam baiter Jim Browning bamboozled by scammers into deleting his own YouTube channel
Filip TRUȚĂ

August 02, 2021

3 min read
Instagram influencer Hushpuppi admits his part in scams that stole more than $24 million Instagram influencer Hushpuppi admits his part in scams that stole more than $24 million
Graham CLULEY

July 30, 2021

2 min read