VUPEN Researchers Say They Defeated Windows 8 Security

[Prorootect]

VUPEN Researchers Say They Defeated Windows 8 Security: http://www.securityweek.com/vupen-researchers-say-they-defeated-windows-8-security

'Researchers at VUPEN Security say they have uncovered multiple vulnerabilities in Windows and Internet Explorer 10 that can be combined to bypass security features in Windows 8.

According to VUPEN CEO Chaouki Bekrar, exploiting the vulnerabilities result in remote code execution without any user interaction beyond visiting a webpage.' ..

.. 'security researchers were still able to chain multiple vulnerabilities to fully bypass Windows' address space layout randomization (ASLR), data execution prevention (DEP) and anti-return oriented programming (anti-ROP) protections. The company also was able to break out of the new IE 10 sandbox known as Protected Mode, he said.' ..

'In a statement, David Forstrom, director of Microsoft Trustworthy Computing, said the company saw VUPEN's tweet about their findings, but that further details have not been shared with them.

"We continue to encourage researchers to participate in Microsoft's Coordinated Vulnerability Disclosure program to help ensure our customers' protection," he said.'

 

[LawnTractor]

Good post, thanks for the info.

 

[DiabloBlack]

We all know that any security mechanism "man" creates, "man" can break [crack]. What I do find interesting is the fact that you have a mega multi billion dollar company with what seems to be unlimited resources and yet they are still brought down by a comparatively small organization dedicated to security related exploit research.

One can only hope that these companies will work together to make things safer for all of us. The internet is there to be enjoyed by all. We shouldn't have to worry about the evil side of humanity every time we turn on our computers.

 

[treefrog']

IMO the big worry here for me is not that w8 was pawned or even IE 10 was bypassed in protected mode it was always going to have happened unfortunately
whats more worrying IMO is the fact that Vupen earn there livings selling such vulnerabilities to the highest bidders, which more often than not turn out to be governments
these zerodays would pretty quickly become worthless if patched
thats why Vupen does not disclose any details to the software developers
is it only me or is this pretty messed up

 

[Prorootect]

treefrog says: 'whats more worrying IMO is the fact that Vupen earn there livings selling such vulnerabilities to the highest bidders, which more often than not turn out to be governments
these zerodays would pretty quickly become worthless if patched
thats why Vupen does not disclose any details to the software developers'

Exactly: look here: What's the price of a new Windows 8 zero-day vulnerability? French security company Vupen is selling a vulnerability in Microsoft's latest operation system and browser: https://www.infoworld.com/d/security/whats-the-price-of-new-windows-8-zero-day-vulnerability-206277?source=rss_security

'It's not exactly the type of advertisement most people would understand:

For sale: "Our first 0day for Win8+IE10 with HiASLR/AntiROP/DEP & Prot Mode sandbox bypass (Flash not needed)." It's part of a recent message on Twitter from Vupen' ..

'"Certainly, if the bug is confirmed, then this could be a black eye for Microsoft having their brand new and touted most secure platform already found flawed just after its public release," said Andrew Storms, director of security operations for nCircle.

The market opportunity for a successful exploit may be limited due to the recent release of Windows 8, but "on the other hand, nobody has confirmed this bug isn't also functional on older version of Windows or IE," Storms said.

Jody Melbourne, a penetration tester and senior consultant with the Sydney-based Australian security company HackLabs, said the vulnerability could be useful to third-party Microsoft developers interested in stealing code-signing certificates or source code.' ..