Has Windows 8 been broken just a few days after its launch? A French security company called VUPEN claims to have found such a zero-day exploit and is now selling that information to companies.
Our first 0day for Win8+IE10 with HiASLR/AntiROP/DEP & Prot Mode sandbox bypass (Flash not needed) is ready for customers. Welcome #Windows8— VUPEN Security (@VUPEN) October 30, 2012
VUPEN says in a Twitter post that they have found a way around the security features for both Windows 8 and Internet Explorer 10. It is now selling that information to any companies or governments willing to pay lots of money to protect their Windows 8 systems.
VUPEN is a bit controversial in the computer security business in that it does not actually tell companies like Microsoft what kinds of exploits it has discovered. Microsoft has made much of the fact that Windows 8 uses the Unified Extensible Firmware Interface, or UEFI, to help better protect its newest PC OS.
In a statement, Microsoft says, "We saw the tweet, but further details have not been shared with us. We continue to encourage researchers to participate in Microsoft’s Coordinated Vulnerability Disclosure program to help ensure our customers’ protection.”