Vupen, a security company in the business of selling zero-day
vulnerabilities, said Friday that it has found a way to bypass security
mechanisms on Windows 8 and execute code via a Web page.
Vupen Chief Executive Chaouki Bekrar said in an email that the
company's researchers had found "multiple vulnerabilities" in Windows 8
and Internet Explorer 10, the latest version of Microsoft's operating
system and Web browser.
"We have researched and discovered multiple vulnerabilities in
Windows 8 and Internet Explorer 10 that we have combined together to
achieve a full remote code execution via a Web page which bypasses the
new exploit-mitigation technologies included in Win8," he said.
Microsoft declined comment on Bekrar's email, saying that it had not
received any details of the flaws. "We continue to encourage researchers
to participate in Microsoft's Coordinated Vulnerability Disclosure
program to help ensure our customers' protection," Dave Forstrom,
director of Microsoft Trustworthy Computing, said in a statement.
Wolfgang Kandek, chief technology officer of Qualys, said the fact
that Vupen had to chain vulnerabilities was an indication of how well
Microsoft has bolstered security in Windows 8. To exploit such a
collection of bugs would take considerable skill.
by Antone Gonsalves
Source : http://www.itnews.com/access-control-and-authentication/50915/vupen-claims-remote-code-execution-windows-8
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment