Researchers at VUPEN Security say they have uncovered multiple vulnerabilities in Windows and Internet Explorer 10 that can be combined to bypass security features in Windows 8.
According to VUPEN CEO Chaouki Bekrar, exploiting the vulnerabilities result in remote code execution without any user interaction beyond visiting a webpage.
“As for any new technology, we have been working for weeks on evaluating the security of Windows 8 before its public release,” he said. “This OS [operating system] is definitely the most secure Microsoft operating system so far. It includes impressive protections such as HiASLR (High Entropy), which significantly raises the difficulty of exploitation and and a hardened IE10 code and more secure sandbox.”
However, security researchers were still able to chain multiple vulnerabilities to fully bypass Windows’ address space layout randomization (ASLR), data execution prevention (DEP) and anti-return oriented programming (anti-ROP) protections. The company also was able to break out of the new IE 10 sandbox known as Protected Mode, he said.
Though largely mum on the details, he described the bugs as being mostly memory corruption issues in various levels of the operating system and browser.
“We follow a commercial vulnerability disclosure policy and we share all our research with customers to help them evaluate risks and protect their infrastructures against sophisticated attacks,” he said. “If a vendor is under contract with VUPEN he will receive the information as part of his subscription.”
Windows 8 became generally available Oct. 26, and includes a number of security enhancements over previous versions.
“The most obvious, and controversial, change in Windows 8 security is the new Secure Boot system,” blogged Chester Wisniewski, senior security advisor at Sophos. “New PCs that ship with Windows 8 will be required to use a UEFI BIOS, which is the first component required for securely booting Windows. The UEFI BIOS begins the loading of the operating system and ensures all of the components are signed with a digital certificate belonging to Microsoft. This should go a long way towards disrupting rootkits and boot kits that depend upon the ability to load before Windows and your anti-virus software.”
Microsoft also made minor improvements to the ASLR and DEP protections used to defend Windows and its applications against buffer overflows and other vulnerabilities, he added.
In a statement, David Forstrom, director of Microsoft Trustworthy Computing, said the company saw VUPEN’s tweet about their findings, but that further details have not been shared with them.
“We continue to encourage researchers to participate in Microsoft’s Coordinated Vulnerability Disclosure program to help ensure our customers’ protection,” he said.
*This story was updated with commentary from Microsoft.
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
- Consolidate Vendors and Products for Better Security
