Security firm Vupen has uncovered a zero-day bug in Windows 8 and Internet Explorer 10. The discovery of such a flaw in your software of choice is usually a mixed blessing: yes, there's a bug that could lead to security issues, but the public disclosure of it will often lead to a patch within a day or two. The problem with this case is who has identified the issue. Vupen makes its money by discovering security flaws and bugs and selling the information to "vetted governments and companies." It does not disclose the weakness to the company that developed the software — in this case, Microsoft. Whoever buys the bug will then be able to protect themselves from hackers, and in some cases, according to IDG News, use it to attack others as well.
Microsoft says that it's heard of Vupen's purported discovery, "but further details have not been shared with us." For more on the zero-day bug and the morally-ambiguous world of Vupen's research, check out IDG's report at the source below.