That didn’t take long. Windows 8 was officially released a week ago and hackers have already found a security flaw in it.
But that’s not even the worst news. These guys have not told Microsoft about the flaw. Instead, they’re selling it to others, reports Computerworld.
The flaw was found by the French company Vupen, which makes a living finding vulnerabilities in popular software from companies like Microsoft, Adobe, Apple and Oracle, and then selling those flaws. Its customers are governments, corporations, and other institutions it supposedly vets for legitimacy. (Some hackers sell vulnerabilities to spammers and virus writers, who exploit the security holes to steal data and scam users.)
Vupen is a controversial company because it ignores a professional standard other security researchers observe. They report flaws to the software maker first and then wait at least 30 days before disclosing the flaw to others.
The company has found a vulnerability with Windows 8 and Internet Explorer 10, but since it is selling the information, not disclosing it, there’s not much known about these flaws yet except what Vupen said in a tweet posted a couple of days ago about the so-called “zero-day” vulnerability. (A “zero-day” vulnerability is a previously unknown one.)
Vupen claims to have bypassed Microsoft’s “sandbox,” a protective environment in which new Windows 8 software runs, isolated from other software components.
What this means for Windows users is that hackers have turned their attention onto Windows 8 and Internet Explorer 10. That’s a bummer. Windows malware is a big headache for consumers and businesses alike.?
However, Microsoft has made it tougher for hackers to use flaws they find in Windows 8.
So even if hackers like Vupen find holes in Windows 8, it’s a lot harder for the bad guys to create attacks that would actually harm computers.
Don’t miss: 10 Computer Crooks Who Have Secretly Made Your Life Miserable >