For sale: Vulnerability in Windows 8

The French company Vupen has put up for sale a vulnerability, in true zero-day style, in the latest Microsoft operating system.

Our first 0day for Win8 + IE10 with HiASLR / AntiROP / DEP & Prot Mode sandbox bypass (Flash not needed).

So said one of the most recent tweets from Vupen, a French company specialized in finding vulnerabilities in a wide range of software from companies such as Microsoft, Adobe, Apple and Oracle.

Vupen occupies a shadowy area of computer security research: it sells vulnerabilities to third parties without sharing the details with the companies that make the affected software. Vupen claims that the information helps organizations defend themselves against hackers and, in other cases, take the offensive as well.

Vupen found a problem in the new Windows 8 and in its browser, Internet Explorer 10. The flaw has not yet been published or patched by Microsoft. It is the first vulnerability found in the operating system since its launch, in addition to several others in applications that run specifically on Windows 8.

Dave Forstrom, Microsoft's chief cyber security officer, encourages researchers to participate in the coordinated vulnerability disclosure program, which asks people (in this case, Vupen) to give the company time to fix a problem before it goes public.

"We saw the tweet, but related details have not been shared with us," said Forstrom in an announcement.

In its tweet, written on Wednesday, Vupen says that the bug allows a hacker to bypass the security technologies present in Windows 8, including Address Space Layout Randomization (ASLR), anti-Return-Oriented Programming (anti-ROP) and Data Execution Prevention (DEP) measures. The company also indicates that the bug is not caused by an Adobe Flash-related issue.

"Certainly, if the bug is confirmed, it would bring a bad reputation for Microsoft having a new product, touted as the most secure platform, with flaws already identified shortly after its launch," said Andrew Storms, Director of Security Operations for nCircle.

The opportunity to exploit this vulnerability may be limited to the recently released Windows 8, but, "on the other hand, no one has confirmed that this bug also affects previous versions of Windows and IE," Storms said.

Jody Melbourne, a consultant and penetration testing expert at Australian security company HackLabs, said the vulnerability could be useful for developers interested in stealing security certificates or source code.

So what is the value of the vulnerability? It's hard to say. Vupen has not published a list price. But Melbourne said that "the value of the bug will only increase over time, and of course, how long Vupen keeps it and no one else bumps into it."

Via: computerworldUK



  1.   KZKG ^ Gaara said

    Hello Helena 😀
    Hey… did you get my email from GMail at the end? Because AOL doesn't get along with me very well ^ - ^ U

    By the way, thank you for this that you do to bring us news that is in other languages, thank you very much indeed.

    1.    helena_ryuu said

      It is a pleasure to collaborate on the blog, and if I arrive, no problem ^^

      1.    KZKG ^ Gaara said

        Ah well haha, is that AOL seems to hate me LOL!
        A pleasure for us.

        HA NE!

  2.   Leper_Ivan said

    I didn't really read the whole note, I just saw some random words, like IE10, Windows8, vulnerability, and everything was clearer .. 😀

    1.    helena_ryuu said

      LOL

    2.    DMoZ said

      xD +1 ...

    3.    KZKG ^ Gaara said

      HAHAHAHAHAHAHAHAHAHAHA

    4.    Daniel said

      hahahahahahaha

  3.   Ramiro said

    «... if the bug is confirmed, it would bring a bad reputation for Microsoft having a new product, promoted as the most secure platform ...»

    That happens to them for promoting their products with lies. They don't learn anymore.

  4.   Yoyo Fernandez said

    This is part of the daily routine of Windows, it should not be news>:}

  5.   merlin the debianite said

    The truth is, I am surprised that I was not surprised, the truth was I expected it, for some reason, also a windows8 and without a password until a newbie enters your email.

  6.   sieg84 said

    IE should be discarded since it is very burned.

  7.   jorgemanjarrezlerma said

    How about community.

    Well, the news is that it is not news. Since Microsoft entered the business of GUIs in its operating systems and other applications, this has always been the trend of Mr. Gates' company and, truth be told, it does not surprise me much. Since Windows XP (to place us in a more recent setting) Microsoft has crowed about its level of security and, truth be told, it can't get anything right.

    Now we will have to see the implications for its users in relation to third-party security applications, which will surely make a killing.

    Greetings and that they are well.

  8.   pavloco said

    Whenever we talk about Microsoft and security holes I have a feeling of Deja Vu.

  9.   Blitzkrieg said

    Who uses IE?
    Not even Microsoft uses it

  10.   taregon said

    = oy after all ... you don't have a secure boot?

  11.   hermimetal said

    Hahaha is windows, what another surprise was going to give.

  12.   James said

    I expected that XD

  13.   rafagcg said

    Many thanks to the author for the input.
    Indeed, I am surprised that they took so long ...

  14.   lguille1991 said

    I don't know why it doesn't surprise me, coming from IE10, windows and microsoft… every day that passes I thank God for having linux, otherwise we would be lost with Micro $ oft and its "products".

    1.    helena_ryuu said

      All right, there is no more happiness than saying "no, I don't want windoze, I have linux" ^^ although I have to say it, windoze errors can be very useful to earn money xD

  15.   José Miguel said

    Years ago I formatted the Windows partition, I don't use it. But doing business with the evil of others is a matter of "vultures."

    If there were "vultures" among us, that would not happen.

    Greetings.

    1.    José Miguel said

      Sorry ... missing the "no" ... "If there were no 'vultures' among us, that wouldn't happen."

  16.   Darko said

    There is also one of those "antivirus" that say that they are free and if you install it you get 25,000 pop-ups that your computer is infected and that you have to pay a certain amount of money to disinfect it and buy the real antivirus. We went back to the 90's!

    1.    taregon said

      That's business ¬.¬… first they infect you and then they sell you the vaccine when you buy the program license: /

      I recommend avast; it's "free" 😀

      PS: I also use Linux, do not think that I am trolling 😐

      1.    Darko said

        Haha I think many of us are in the same boat of having to use Microsoft. If it were up to me, I would only use Ubuntu but the programs I use to work do not exist for any other system other than Windows and Wine does not work for them. I think they are too complex. And I have searched forums, Google and many places and it seems that nobody can install it with Wine.

        BTW, if anyone knows how to run Peachtree (accounting program) on Linux and everything works fine, their help would be appreciated. I managed to install it but there were some modules that did not work, they throw errors and close the program. Excuse me for getting off topic.

  17.   Julia Buelvas said

    what things happen with microsoft !! hahaha