Windows 8 just launched and the exploits against the new operating system are already hitting the cyber street.
French security company Vupen said it already developed a reliable exploit. The company, which sells the exploits it develops to Western government agencies and deliberately avoids sharing vulnerability details with vendors, said the exploit it created allows it to take over Windows 8 machines running Internet Explorer 10.
“We welcome #Windows 8 with various 0Ds combined to pwn all new Win8/IE10 exploit mitigations,” Vupen’s chief executive Chaouki Bekrar said on Twitter.
Windows 8 offers improved exploit mitigation technologies including DEP (Data Execution Prevention), ASLR (Address Space Layout Randomization) while IE10 bundles improved sandboxing.
Getting over these added security features is not easy, but hackers are creative and smart, which means no software, not matter how secure it is, remains free from new exploits and malware.
Vupen doesn’t go into details about the security bugs it has identified, since that would drive down the value of the exploits.
The French security firm had promised to come up with Windows 8 exploits at the same time as the launch of the operating system. Bekrar said details of the Windows 8 attack would go out to its customers in a carefully worded answer that failed to rule out the use of the exploit as an offensive tool.
“The in-depth technical details of the flaws will be shared with our customers and they can use them to protect their critical infrastructures against potential attacks or for national security purposes,” Bekrar said.