A French security research company recently claimed to have discovered the first zero-day vulnerability in Microsoft’s new Windows 8 operating system. According to an article in Computerworld, the effects of such a discovery less than one week after the software’s release could harm perception of the operating system as it attempts to establish itself as a new product with high level of security.
The research company Vupen, which specializes in finding vulnerabilities in software, announced the flaw via a tweet that implied a hacker could bypass Windows 8 security features such as high-entropy Address Space Layout Randomization (ASLR), anti-Return Oriented Programming and DEP (data execution prevention) measures. A Microsoft spokesman said the company had seen the tweet but had not received any other details.
“Certainly, if the bug is confirmed, then this could be a black eye for Microsoft having their brand new and touted most secure platform already found flawed just after its public release,” Andrew Storms, director of security operations for nCircle, told Computerworld.
Microsoft claimed Windows 8 is selling at a faster rate so far than Windows 7, which has sold 670 million licenses since its 2009 release, according to Reuters. Although Computerworld noted the exact cost of a software security flaw in Windows 8 may be hard to assess, it might be considerable given the operating system’s widespread adoption.