November 12, 2012
Microsoft To Release First Windows 8 Security Patch Tomorrow
Michael Harper for redOrbit.com — Your Universe Online
By now it should be very well understood: Any computing device navigating the vast expanses of the Internet without some sort of protection, native or otherwise, runs the risk of becoming compromised or contaminated. Now that Windows 8 has spent a few weeks out in the world as a final, finished product, researchers are beginning to report on its security measures while Microsoft prepares to release the OS´s very first security patch.
Earlier this month, French security company VUPEN announced via Twitter that they had already defeated the new security features in Windows 8, running a zero day exploit on the OS as well as the packaged browser, Internet Explorer 10.
VUPEN´s Chief Executive Chaouki Bekrar sent an email to PC World explaining their latest discovery, saying: "We have researched and discovered multiple vulnerabilities in Windows 8 and Internet Explorer 10 that we have combined together to achieve a full remote code execution via a Web page which bypasses the new exploit-mitigation technologies included in Win8.”
VUPEN is an interesting company, however: Rather than discover vulnerabilities in operating systems and other software and reporting them to the companies responsible, VUPEN holds these findings and sells them to their customers, normally governments who are willing to pay large sums of money. These customers are then able to use these vulnerabilities to protect themselves as well as spy on other companies or write their own malware. Due to the nature of VUPEN´s business, Microsoft said they had heard of these exploits, but the exact details had not been shared with them.
While they may not have precise details on the vulnerabilities, Microsoft has said their latest security patches, set to be released on Tuesday, will address 3 “critical” fixes for the 32 and 64-bit versions of Windows 8.
Another security firm, BitDefender, has also claimed to have found their own vulnerabilities in Windows 8, though they also acknowledge the new security features built into the OS make it even more difficult to exploit.
According to their research, BitDefender found they were able to run 15% of cyber-criminal-friendly malware on Windows 8 machines with Windows Defender enabled.
Without Windows Defender turned on, BitDefender was able to run more than 60% of the same malware.
The sample set of malware run on these test PCs consisted mostly of Trojans, worms and file-infectors. According to BitDefender, Trojans performed the best on Windows 8 machines, able to hide themselves just enough so that they weren´t initially detected.
"As with any software, things are found to be vulnerable at one point or another," explained BitDefender senior product manager Alex Balan, speaking with PC World.
"They've made huge leaps forward in terms of security," Balan continued.
"But holes are always going to be found that will allow someone to lower the security barriers. One way or the other, vulnerabilities will be exposed, and they will be exploited."
Microsoft´s first patch for Windows 8 is in line with their normal patch release schedule.