Windows 8: 'Multiple Vulnerabilities' Found

Security firm Vupen says it has found several serious security loopholes in the new Windows 8 operating system (OS). However, another security expert says he's not worried about the issues.

Vupen operates in a gray area of the computer security market. Like other security firms, it hunts for flaws in popular software. But it doesn't always pass on its findings to the companies that produce the software.

Instead, Vupen often sells its data to government agencies and major corporations. (Source: geek.com)

"Multiple Vulnerabilities" Found: Vupen CEO

That's why eyebrows were raised when Vupen chief executive officer Chaouki Bekrar recently revealed that his firm's researchers had discovered problems in both Windows 8 and Microsoft's newest web browser, Internet Explorer 10 (IE10).

"We have researched and discovered multiple vulnerabilities in Windows 8 and Internet Explorer 10 that we have combined together to achieve a full remote code execution via a Web page which bypasses the new exploit-mitigation technologies included in Win8," Bekrar said.

In other words, his team has found out how to hack into Windows 8 computers and manipulate them secretly.

Qualys Security Expert Not Worried

However, well-known security expert Wolfgang Kandek says these vulnerabilities are difficult to exploit and unlikely to lead to any major hacks.

Kandek -- currently chief technology officer at security firm Qualys -- says the Vupen report can best be seen as evidence that Windows 8 and IE10 are more secure, not less secure, than their predecessors.

Kandek acknowledged that both Windows 8 and IE10 probably have security loopholes, but said this is only to be expected.

"We've not reached the point where the product is perfect, but that's probably not reachable anyway," Kandek said. (Source: pcworld.com)

Even Vupen's CEO, Bekrar, admitted cybercriminals would need quite some time to exploit the security flaws discovered by his firm's research team.

"We do not expect to see, in the short term, attackers creating an exploit for Windows 8 and Internet Explorer 10 as the cost would be too high," he said.