Security Market Segment LS
Monday, 09 October 2017 10:52

Win7, 8 users being put at risk by Microsoft: Google

By

Google has accused Microsoft of making online life riskier for those who use Windows 7 and Windows 8, compared to those who use Windows 10, as the latest bugs are not being fixed in the older versions.

Mateusz Jurczyk, a researcher with Google's project Zero, used binary diffing to find out which versions of Windows had the latest patches installed.

Windows 7 and 8.1 are still being supported by Microsoft. Jurczyk found that patches which had been released for Windows 10 had not been offered for the two other versions.

Jurczyk wrote that binary diffing could be utilised to find discrepancies between two or more versions of a single product, if they shared the same core code and co-existed on the market, but were serviced independently by the vendor.

"One example of such software is the Windows operating system, which currently has three versions under active support – Windows 7, 8 and 10," he said.

"While Windows 7 still has a nearly 50% share on the desktop market at the time of this writing, Microsoft is known for introducing a number of structural security improvements and sometimes even ordinary bugfixes only to the most recent Windows platform.

"This creates a false sense of security for users of the older systems, and leaves them vulnerable to software flaws which can be detected merely by spotting subtle changes in the corresponding code in different versions of Windows."

Jurczyk then provided a detailed, technical explanation of how he had compared the binaries of the three different Windows avatars to come to his conclusion. He used three vulnerabilities (CVE-2017-8680, CVE-2017-8684, CVE-2017-8685) to illustrate his point.

He said that the binary diffing process he had used was in fact pseudocode-level diffing that didn't require much low-level expertise or knowledge of the operating system internals.

Given this, he said that it could be used by attackers who did not have a high level of proficiency to attack users who were running the earlier Windows versions.


Subscribe to Newsletter here

NEW OFFER - ITWIRE LAUNCHES PROMOTIONAL NEWS & CONTENT

Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.

POST YOUR NEWS ON ITWIRE NOW!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

These days our customers Advertising & Marketing campaigns are mainly focussed on Webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://www.itwire.com/itwire-update.html and Promotional News & Editorial.

For covid-19 assistance we have extended terms, a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

BACK TO HOME PAGE

ZOOM WEBINARS & ONLINE EVENTS

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Research & Case Studies

Channel News

Comments