It is not more than a week since Windows 8 was released worldwide and a security flaw has been found in Windows 8. Not only it has been found but the hackers who found this bug have not reported it Microsoft but are selling it online.
Vupen, a French company that is known for finding vulnerabilities in widely used software from giant companies like Microsoft, Adobe, Apple and Oracle etc has posted a tweet about their recent finding as: ”Our first 0day for Win8+IE10 with HiASLR/AntiROP/DEP & Prot Mode sandbox bypass (Flash not needed).”
Vupen has found this bug somewhere in Windows 8 and its Internet Explorer 10 browser. Though the flaw has not been publicly released or fixed by the company yet but Vupen’s message on twitter said that this vulnerability allow a hacker to bypass security of windows 8 including high-entropy Address Space Layout Randomization (ASLR), anti-Return Oriented Programming and DEP (data execution prevention) measures.
The company has also made clear that the problem is not related with Adobe System’s Flash multimedia program.
Vupen is a company which makes its living by finding vulnerabilities in software from famous companies. Its customers are governments, corporations, and other institutions it supposedly vets for legitimacy. In this regard, Vupen is a controversial company because it ignores a professional standard other security researchers observe. They report flaws to the software maker first and then wait at least 30 days before disclosing the flaw to others.
This article has input from BusinessInsider.Com