Windows 8 is looking like it will be a more secure operating system to install than Windows 7, but that doesn’t mean it’s 100 percent. A security researcher claims that he has found at least three attack points in Windows 8 that could leave the OS open to exploits.

Computerworld India reports that, during a presentation at the recent Black Hat security conference, Sung-ting Tsai of Trend Micro said the three attack points are the kernel level advanced local procedure call, the component object model (COM) application programming interface and the Windows Runtime API. So far, Tsai says he has been unable to create anything that exploits these attack points.

However, that doesn’t mean that exploits could not be found by someone dedicated to discovering one. The article states that Tsai developed an attack method against the Windows Runtime API. Tsai says he launched an attack ” … via fuzzing — sending it random commands to see if they cause the API to malfunction and create a vulnerability.”

Tsai claims that anyone using this method would need some time and some luck to find a true exploit and he claims he has had some luck in this area.

Continue reading (