McAfee Identifies Threats for Windows 8 in 2012

McAfee, a security technology firm known for its antivirus solutions, recently released its 2012 Threats Predictions report. Packed with predictions on trends in the realms of hacking, spam, mobile threats, and more, the report touched on issues that could plague Microsoft’s highly anticipated future release of the Windows 8 operating system. Despite the fact that Windows 8 is set to ship with a host of integrated security features aimed to help its users, McAfee noted areas where the optimism for the operating system’s security should be guarded.

An area of particular interest with McAfee’s predictions centers on where hackers plan to attack Windows 8.  The report explains that information security is often a cat and mouse game, where both the good and bad sides interchange roles.  Sometimes cybercriminals initiate the fight by writing malicious code, and security vendors counter with new defenses.  On the flip side, vendors of operating systems can implement new security features, which only forces hackers to think up new ways to get around them.  This back and forth battle is likely to never disappear due to the incentives at stake for both sides.

One big selling point that Microsoft has been touting for Windows 8 is its host of new security features, including integrated anti-malware defense, secure boot functions, and secure password storage, just to name a few.  Such a lineup is impressive, but it brings up the question of where hackers will look for holes.  Older versions of Windows brought address-space layout randomization and data-execution protection to the table to protect user machines, and they also employed encryption technologies to safeguard the OS.  They did provide obstacles to attack, but hackers eventually found ways to outsmart them.  As for Windows 8, McAfee believes attacks will move out of the operating system and into the hardware itself.

The report cites the strides made by malware writers over the years in developing rootkits and bootkits, and predicts that 2012 and the eventual release of Windows 8 will bring about many attempts at attacking hardware and firmware, despite the difficulty involved.  If successful, attackers would be able to create persistent malware images in system BIOS, hard drives, and network cards. 

The 2012 Threats Predictions report also discussed a specific weak spot in Windows 8, saying: “Advances in the Windows 8 bootloader security feature have already caused researchers to show how they can be subverted through legacy BIOS; meanwhile, the product has not even been fully released yet.  With further development around Intel’s unified extensible firmware interface specifications – designed as a software interface between the operating system and platform firmware to enforce a secure boot and to replace legacy BIOS – we expect more attackers to devote their time to evasion research in the coming years.”


Microsoft Releases Out-of-band Security Update to End 2011

Just when IT departments thought it was safe to let their guard down and enjoy the holiday weekend, Microsoft issued its last security update of the year, MS11-100. The update addresses a vulnerability found in all versions of the .NET framework that could lead to denial-of-service attacks on servers for ASP.NET pages. The last bulletin of 2011 is of particular importance due to its out-of-band status, and the fact that it is Microsoft’s 100th update of the year.

Microsoft’s post on the Security Research & Defense blog offered the following details on the situation: “Yesterday evening, we published an Advanced Notification alerting customers to a new out-of-band security update planned to be released today. The notification listed the update as addressing a Critical Elevation-of-Privilege vulnerability, leading to several questions from customers who expected the bulletin addressing a Denial-of-Service vulnerability to be rated Important.”

The post added: “Before hearing about this vulnerability, we had planned to release a .NET security update addressing three vulnerabilities, one of which was a Critical elevation-of-privilege vulnerability. When this vulnerability notification arrived a few weeks ago, the ASP.NET team included the fix into the update already being developed and tested. So the bulletin today addresses four vulnerabilities, one of which is the ASP.NET Denial-of-Service vulnerability presented yesterday.”

The four addressed vulnerabilities pertain to the .NET framework on the following versions of Windows: Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows XP Service Pack 3, Windows Vista, and Windows 7.  Any such systems that remain unpatched and suffer an exploit could give an attacker the power to perform various actions using an existing ASP.NET account.  These actions include the execution of arbitrary commands.

Users that have Automatic Updates enabled on their systems will receive the necessary updates automatically.  Others can check for the updates manually via Windows Update.

While the 100th update may not have been the best way to celebrate the end of 2011, Microsoft did use its blog post to praise its ASP.NET team for its so-called “holiday heroics” in identifying the issue. Microsoft usually releases security updates on its planned Patch Tuesdays, so this out-of-band release could be considered rare in nature. Out-of-band updates often mean that the risk of exploits occurring in the wild is high. That, coupled with MS11-100’s Critical rating, suggests that the bulletin is one that requires immediate attention.
