Windows 8 is looking like it will be a more secure operating system to install than Windows 7, but that doesn't mean it's 100 percent. A security researcher claims that he has found at least three attack points in Windows 8 that could leave the OS open to exploits.
Computerworld India reports that, during a presentation at the recent Black Hat security conference, Sung-ting Tsai of Trend Micro said the three attack points are the kernel level advanced local procedure call, the component object model (COM) application programming interface and the Windows Runtime API. So far, Tsai says he has been unable to create anything that exploits these attack points.
However, that doesn't mean that exploits could not be found by someone dedicated to discovering one. The article states that Tsai developed an attack method against the Windows Runtime API. Tsai says he launched an attack " ... via fuzzing -- sending it random commands to see if they cause the API to malfunction and create a vulnerability."
Tsai claims that anyone using this method would need some time and some luck to find a true exploit and he claims he has had some luck in this area.
Tsai previously found a memory corruption issue in the Consumer Preview version of Windows 8. He reported the problem to Microsoft who later patched it with the launch of the Release Preview build.
So even though three weaknesses have been found, it does not mean that they can be exploited, yet. Seeing as Tsai already reported previous weaknesses to Microsoft, hopefully these three issues will be passed along as well to help make Windows 8, the most secure version of Windows ever.
Source: Computerworld India
40 Comments - Add comment