Researchers at Vupen Security, a private security firm that is based in France, claimed that they have uncovered multiple zero-day vulnerabilities in Windows 8 and IE10. These security flaws may potentially allow cybercriminals to gain control of a Windows 8 machine remotely.
The firm has uncovered ways to bypass the security features of Windows 8 and Vupen Chief Executive, Mr. Chaouki Bekrar said in an email to PCWorld that they managed to "chain" multiple vulnerabilities in Windows 8 and Internet Explorer 10 to remotely execute code via a webpage that allowed them to take over an affected Windows 8 machine. However, the security firm did concede that Windows 8 is one of the most secure operating system from Microsoft and it would take highly-skilled hackers to be able to chain these vulnerabilities together and exploit them collectively.
Vupen is a security research firm who essentially sells their proprietary exploits to the highest bidder for profits; however, the firm has a white list of clients with deep pockets who are usually large corporations or governmental agencies. The firm will keep its findings private until it can find a willing buyer for the information about the vulnerability. Due to its highly secretive business operations, it is not known how the firm managed to bypass the exploit-mitigation features of Windows 8 and IE10.
Previously, we reported on the security risk of IE10 on Windows 8 due to security vulnerabilities in the browser's embedded Flash player and Microsoft has already issued a patch prior to the launch of Windows 8. For this current discovery of security flaws, Microsoft has yet to issue an formal response as it has not received any technical details. As an assurance to Windows 8 users, Vupen Chief Executive did mention to PCWorld that because of the security features in Microsoft's latest OS, he did not expect hackers to find vulnerabilities on their own for a while. Vupen is actually well-known for uncovering many vulnerabilities across numerous software systems.