In something that would have been unthinkable a while ago, a insecurity expert has waded in to support Microsoft over a security “flaw” in Windows 8.
InfoWorld claimed that the process leaves a lingering cache of automatically collected contacts which are stored unencrypted on a Windows 8 client.
It means that anyone who can sign on to your PC with an administrator account and can see all of your contacts and all of their data names, email addresses, pictures, telephone numbers, and addresses. A few years ago that would have sparked another “patchy windows” story with lots of security experts calling on Vole to sort itself out.
But Michael Cherry, lead analyst, operating systems at the analysis firm Directions on Microsoft, says he has no reason to doubt Thomson’s findings but said it is hardly a security meltdown. Windows 8 is in beta and this is the sort of thing Microsoft will fix.
However he said that while Vole might take some steps to remedy any problems, in the area of privacy, most of the problem is that people already share information among the services.
He said that operating systems cache data all the time and if they had to rebuild all the time, things would run much slower.
Mark Baldwin, principal researcher and consultant at InfosecStuff, told PC Advisor that the risk is any same with Windows 7. The only difference is that Windows 8 is more tightly integrated with social media, it makes sense to cache that data to improve performance.
He said that you need admin rights over the machine to do any damage and if the attacker has that you are toast anyway.