Published On: Fri, Oct 6th, 2017

Google Says Microsoft Is Exposing Windows 7 Users to Security Risks by Not Patching Bugs It Fixes in Windows 10

Microsoft is not a large fan of Google’s Project Zero, though a latter continues to mark confidence flaws in a Redmond program maker’s products and strategies. Mateusz Jurczyk, a Project Zero researcher, has now suggested how Microsoft putting Windows 10 as a initial priority is neglecting Windows 7 during a risk of compromising user security.

Windows handling complement now has 3 versions underneath active support: Windows 7, 8 and 10. While Windows 7 continues to browbeat a PC world, Microsoft brings fixes to many of a confidence issues usually to Windows 10.

edge-vs-chromeRelated Google Can’t Stop Trolling Microsoft – Now Wants Whoever Is Left on Edge Browser

Microsoft might not be backporting all a confidence fixes to Windows 7, 8

The problem for Windows 7 users becomes two-fold as they don’t have a confidence protections of these rags and hackers, who might have formerly been unknowingly of a issue, get to learn about these zero-day vulnerabilities by post-patch bulletins.

“While Windows 7 still has a scarcely 50% share on a desktop marketplace during a time of this writing, Microsoft is famous for introducing a series of constructional confidence improvements and infrequently even typical bugfixes usually to a many new Windows platform.

This creates a fake clarity of confidence for users of a comparison systems, and leaves them exposed to program flaws that can be rescued merely by spotting pointed changes in a analogous formula in opposite versions of Windows.”

Jurczyk combined that a association is radically exposing a userbase to attacks by visibly divulgence “what the attack vectors are, that works directly opposite user security.” Leaving clues for hackers with a Windows 10 rags on how to taint those on Windows 7, hackers can use a technique called binary diffing:

“Binary diffing can be employed to learn discrepancies between dual or some-more versions of a singular product, if they share a same core formula and coexist on a market, though are serviced exclusively by a vendor.”

According to a Project Zero researcher, this routine doesn’t even need any low-level knowledge of a handling complement internals, that means even a non-advanced enemy can work out a vulnerabilities patched for Windows 10 and feat them on Windows 7.

windows-10-vs-windows-7Related Windows 10 to Soon Reign Over a PC World as Windows 7 Finally Gets Ready to Go Down

“We wish that these were some of a really few instances of such ‘low unresolved fruit’ being permitted to researchers by diffing,” Jurczyk said. “We inspire program vendors to make certain of it by requesting confidence improvements consistently opposite all upheld versions of their software.”

– Technical sum are accessible in this blog post.

About the Author

Leave a comment

XHTML: You can use these html tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>