Sonicwall Midyear Banner1

Security Market Segment LS

Sonicwall Midyear2 Banner

Sonicwall Leaderboard Banner2

Monday, 09 October 2017 10:52

Win7, 8 users being put at risk by Microsoft: Google

By

Google has accused Microsoft of making online life riskier for those who use Windows 7 and Windows 8, compared to those who use Windows 10, as the latest bugs are not being fixed in the older versions.

Mateusz Jurczyk, a researcher with Google's project Zero, used binary diffing to find out which versions of Windows had the latest patches installed.

Windows 7 and 8.1 are still being supported by Microsoft. Jurczyk found that patches which had been released for Windows 10 had not been offered for the two other versions.

Jurczyk wrote that binary diffing could be utilised to find discrepancies between two or more versions of a single product, if they shared the same core code and co-existed on the market, but were serviced independently by the vendor.

"One example of such software is the Windows operating system, which currently has three versions under active support – Windows 7, 8 and 10," he said.

"While Windows 7 still has a nearly 50% share on the desktop market at the time of this writing, Microsoft is known for introducing a number of structural security improvements and sometimes even ordinary bugfixes only to the most recent Windows platform.

"This creates a false sense of security for users of the older systems, and leaves them vulnerable to software flaws which can be detected merely by spotting subtle changes in the corresponding code in different versions of Windows."

Jurczyk then provided a detailed, technical explanation of how he had compared the binaries of the three different Windows avatars to come to his conclusion. He used three vulnerabilities (CVE-2017-8680, CVE-2017-8684, CVE-2017-8685) to illustrate his point.

He said that the binary diffing process he had used was in fact pseudocode-level diffing that didn't require much low-level expertise or knowledge of the operating system internals.

Given this, he said that it could be used by attackers who did not have a high level of proficiency to attack users who were running the earlier Windows versions.

Read 5672 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here




GET READY FOR XCONF AUSTRALIA 2022

Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.

Explore how at Thoughtworks, we are making tech better, together.

Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.


Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event

GET YOUR TICKET!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments