You Are Here: Home » Industry News » Malware Already Bypassing Windows 8 Security Mechanisms, French Pen-Tester Says

Malware Already Bypassing Windows 8 Security Mechanisms, French Pen-Tester Says

Hardly has Microsoft’s Windows 8 operating system hit the shelves and French penetration-testing company Vupen claims to have defeated the security mechanisms built into it. According to a tweet by Vupen Chief Executive Chaouki Bekrar, the company has found a way to circumvent all zero-day defense mechanisms built into the OS and the Internet Explorer 10 component.

“We welcome #Windows8 with various 0Ds combined to pwn all new Win8/IE10 exploit mitigations. Congrats to our mitigation mitigator @n_joly”, reads the tweet.

Security-wise, Windows 8 is the safest operating system ever released by Microsoft. The inclusion of technologies such as SafeBoot and ELAM, along with a better-sandboxed Internet Explorer 10, was supposed to keep rootkit-based malware at bay and to prevent threats originating from the web to exploit the browser, respectively. However, regardless of the effort, most malware running in the user-space of the operating system has no “compatibility issues” in transitioning from Windows 7 to Windows 8.

What’s even more worrying is that Vupen is known to deny sharing of the exploits they find outside of their circle of customers, unlike other members of the security industry who immediately document the threat and present the vendor a PoC. This business model dramatically enlarges the window of opportunity for attacking parties and exposes users to unnecessary risks.

Until this alleged zero-day exploit gets fixed, Windows 8 adopters are advised to run an up-to-date security solution and to pay great attention to what web pages they are pointing their browser to.

About The Author

E-Threat Analyst

A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.

Number of Entries : 298

Comments (4)

  • Gbbg

    You do realize that the headline is misleading? Not the first one of this kind I read here. Kinda makes me question is BitDefender a company I can trust my PC with.

  • Bogdan Botezatu

    Hey there, Gbbg. What exactly is misleading in the title? Can you please enlarge what’s bothering you?


Leave a Comment

© 2012 Powered By Bitdefender

Scroll to top