VUPEN says in a Twitter post that they have found a way around the security features for both Windows 8 and Internet Explorer 10. It is now selling that information to any companies or governments willing to pay lots of money to protect their Windows 8 systems.
VUPEN Security has detailed how to exploit a critical memory corruption vulnerability in Xen hypervisors to break out of virtual machines and execute code.
Microsoft is facing pressure to patch a zero-day threat that is being exploited in the wild, as vulnerability seller VUPEN has found a way to make the exploit work across all Windows platforms.
Attack code for the CVE-2012-1889 flaw, which affects Microsoft XML component found in Internet Explorer, was published earlier this month. The vulnerability could allow remote code execution if a user visits a specially-crafted webpage on Internet Explorer.