Windows 8 security exploits found
Ryan Martin / 4 years ago
Windows 8 is set for launch on October the 26th, yet the operating system is clearly far from finished. Three security exploits have been found already, based on pre-launch copies of Windows 8. Sung-Ting Tsai of Trend Micro has stated that the three security exploits discovered in Windows 8 have been found in the kernel level advanced local procedure call, the component object model (COM) application programming interface, and the Windows Runtime API.
Security researcher Tsai stated that he developed a whole range of methods for testing the exploits but he had not yet had the time to fully exploit these security vulnerabilities. In other words he hasn’t been able to successfully hack Windows 8 but he can see the potential for it given a bit more time to play around.
He has not been able to develop an exploit against Windows 8 using these scripts against ALPC or even found a vulnerability, but the scripts do provide a way to automate looking for vulnerabilities, he says.
The second attack point he examines is against COM servers, objects that provide services to clients. In Windows 8, Metro applications run in containers, secure sandboxes that limit the applications’ access to only those resources it absolutely needs. And requests for those resources go through the RT broker. The broker is a go-between that limits this access to resources.
But if the application can gain direct access to COM servers, attackers could bypass the sandbox. This COM access would have to be done manually via basic scripts possibly written in assembly language. But if a COM with high permissions could be accessed, attackers could theoretically fashion compromises to the system. “It’s not easy but it’s possible,” Tsai says.
A few months ago,Tsai also discovered a memory corruption vulnerability in the Windows 8 Consumer Preview. He then reported the problem to Microsoft and soon after the vulnerability was patched.