Microsoft has issued the usual Patch Tuesday round of updates, but this time – guess what? Windows 8 updates are included, as well as for RT. Isn’t that wonderful?
19 flaws have been fixed in this round of updates. All are being updated in six bulletins this month. These bulletins are listed as MS12-071 through MS12-076. Four are rated critical and two of them urgent.
Now, some have asked about Internet Explorer 10 being vulnerable yet…not at this time. It is not currently vulnerable to the current set of three related flaws in Internet Explorer 9.
However, a font parsing flaw has been found, which could affect Windows 8, as noted in CVE-2012-2897.
Here is a general CVE list of the latest vulnerabilities fixed in the current round:
- Internet Explorer CRITICAL
- Windows Shell Remote Code Execution CRITICAL
- Microsoft Internet Information Systems (IIS) URGENT
- .NET Framework vulnerabilities, affecting multiple versions CRITICAL
- Kernel Mode Drivers CRITICAL
- Microsoft Office Excel Remote Code Execution CRITICAL
Windows 8 is apparently more secure than Windows 7. Perhaps this is true, and it is best to learn what security features there are for the new operating system. Some of these security features are verified to help out very well in the security of Windows 8, and some may not be in time, or lastly some may not work at all.
One of the most discussed security features is Secure Boot. Now, Secure Boot is a Unified Extensible Firmware Interface (UEFI) specified in the boot process to check cryptographic signatures of kernel-mode drivers, making sure they aren’t modified or corrupted. In other words, the boot process is now made to check if the operating system has been corrupted by malware or some other issue.
This is all part of a hardware restriction process called Hardware DRM. All non-ARM devices have the option to turn Secure Boot off, however ARM devices must keep it on. Experts state that it will be resistant to rootkits, since the MBR and BIOS cannot be accessed, unless if someone working on the computer penetrates it.
Next, Windows 8 features better built in antivirus software, with a much better improved Windows Defender. The software in Windows 8 is combined with the optional tool Microsoft Security Essentials. Now, with Windows Defender super-powered with MSE, it has much more anti-malware features.
With better anti-malware features, Internet Explorer is now made with better features as well. It has the ability to prevent zero-day exploits much greater than previous versions of Internet Explorer. With the challenges of exploiting Windows 7, there was the issue risen up again for Java and Flash Player, so hackers can gain control over the operating system. Those browser plugins are now easier to exploit than the Internet Explorer’s code.
A new application sandboxing environment called AppContainer provides the ability to run all apps in a controlled environment, where it controls how apps work. This prevents apps from disrupting the operating system. Of course, this is just supplemented by Internet Explorer’s SmartScreen filter, which prevents the download/install of known malicious software. However, Windows 8 now has SmartScreen available for any app, allowing even more prevention. Of course, this means Microsoft employees are going to increase in numbers, if they really want to keep up. Now that hackers know their new challenges, they will be relentless.
The questions are still played on whether Windows 8 will be a repeat of Vista or not. The reality of the situation, is if Windows 8 has big popularity, then the security issues will also light up big time. However, many will stick to Windows 7, so the security issues for Windows users are not close to be over. Feel free to take a look at related articles below for Symantec’s opinions, which aren’t too well on the new OS.
Added October 31, 2012: Trusted Platform Module, read more
Keep up with the latest security tips on our blog here. In addition, please donate to help us continue to write these awesome whitepapers.
- Over Half Of Windows 8 Users Still Prefer Windows 7 (webpronews.com)
- Gates: New Windows 8 system is `very exciting’ (seattletimes.com)
- Windows 8 Security Is Not Good – Symantec (news.softpedia.com)
- UEFI and Secure Boot: The Hell I Went Through (prismdragon.wordpress.com)
Many sources are talking about the new Windows 8 app, EMR Surface, that is now available for $499 (USD). It is apparently the most pricey app so far, which is fine, because most other solutions for the Windows platforms are much more expensive. This app provides a break from the cost and takes advantage of the new Windows 8 operating system.
The development team Pariscribe has engineered this app. This app was made specifically for the medical industry, and should be treated as such. It offers the ability, according to the app page, to check up on patient information and to “Add Appointment, Billing, Family History, Family History Details, Problems, Progress Note, Risk Factor, Vital Sign, Prescription, Drug Interactions, Reminders.”
Right now, apparently it is in pilot mode, being used in Samsung Series 7 Slate tablets. In 12 MB in size, it comes packed with tons of features, and provides an easy-to-use visual interface. Just may be the future of in-office consultations, instead of the medical laptop usage.
Now available on the Windows Store.
By Jay Pfoutz
Apparently, the new showy security threat is Rakshasa… At Black Hat Las Vegas, this new security technique was unveiled.
This new malware by researcher Jonathan Brossard is apparently ‘impossible to disinfect’.
Now, FIRST OF ALL!! – Anything created with man’s hands can be destroyed. I’d like to see this opinion last: undetectable, can’t be disinfected, etc.
The paper on Rakshasa can be found here. It describes a hardware backdoor. Unbeknownst to this artist researcher, companies like Kaspersky or ESET have already begun to craft hardware antivirus drivers. So, this backdoor hardware malware scheme is a bit late, but maybe just in time, too.
Will it be used? Who knows. That’s the scary part!
It is realistically a BIOSkit, a rootkit that infects the BIOS of the computer. What’s wrong with this…? It can be easily disinfected by flashing all of the devices of the computer, which apparently would be infected.
However, this malware has not been tested in an enterprise-based beta, which means just because it worked on a couple of machines does not mean it would work on any other computer. Impressive? Yes! But, not at all scary, yet.
What makes me more shocked, is that people will actually believe that this malware will not be able to be disinfected. But, this is the turnaround: it can be! This is nothing more than a BIOSkit, and we have seen BIOSkits removed in our leagues many times.
But, then again, people commonly believe rootkits are impossible to be removed too. Look…we proved them wrong!
By inflicting code signing for BIOS, just like all other hardware driver signing, can easily keep it blocked. Also, if BitLocker evolves in Windows 8 and further technologies, it could easily secure the OS. Also, things like device encryption, could be taken to a new level.
This is not a new vulnerability, and Brossard agrees.