Security researcher from the French penetration testing company VUPEN, has claimed to have discovered multiple vulnerabilities in windows 8 that bypass the security features.
"Our first 0day for Win8+IE10 with HiASLR/AntiROP/DEP & Prot Mode sandbox bypass (Flash not needed) is ready for customers. Welcome #Windows8" VUPEN posted in the tweet.
"We welcome #Windows8 with various 0Ds combined to pwn all new Win8/IE10 exploit mitigations. Congrats to our mitigation mitigator @n_joly" The tweet posted by Vupen Chief Executive Chaouki Bekrar.
Unlike other Security organization, VUPEN shares the technical details of the vulnerability only with their customers. They claimed that their customers can use them to protect their critical infrastructures against potential attacks or for national security purposes.
“We saw the tweet, but further details have not been shared with us. We continue to encourage researchers to participate in Microsoft’s Coordinated Vulnerability Disclosure program to help ensure our customers’ protection,” Microsoft responded for the news about the vulnerability.
We advice Windows 8 users to use up-to-date Antivirus software and pay great attention while visiting links , until this zero-day exploit gets fixed. I believe it will take too much time for finding the vulnerability and fixing them, unless VUPEN give the details to Microsoft.