Microsoft risking its older Operating System users by patching only Windows 10: Google

By Digit NewsDesk | Published on 09 Oct 2017
HIGHLIGHTS

Patching the latest Windows 10 vulnerabilities and not extending support for Windows 7 and Windows 8 gives hackers and attackers an entry point to older operating systems’ vulnerabilities.

Microsoft risking its older Operating System users by patching only Windows 10: Google

#IBMCodePatterns, a developer’s best friend.

#IBMCodePatterns provide complete solutions to problems that developers face every day. They leverage multiple technologies, products, or services to solve issues across multiple industries.

Click here to know more

Advertisements

Google’s Project Zero researcher Mateusz Jurczyk said in a blog post that Microsoft is putting its Windows 7 users’ security in jeopardy by patching Windows 10 actively but not issuing similar patches for its older siblings. 

A common technique called patch diffing, which compares two binary builds sharing the same core code, one with vulnerability and other containing a security fix, is used for finding vulnerabilities and potential attack paths in a software. Jurczyk says patch diffing can be used on software which share the same code and coexist in the market, but are serviced independently by the vendor such as Windows 7, 8 and 10.

The blog post demonstrates the use of patch diffing to find three vulnerabilities CVE-2017-8680, CVE-2017-8684 and CVE-2017-8685 in Windows 7 and 8.1. Project Zero notified Microsoft about the bugs and the bugs were patched in May and September updates. "This creates a false sense of security for users of the older systems, and leaves them vulnerable to software flaws which can be detected merely by spotting subtle changes in the corresponding code in different versions of Windows," Jurczyk writes.

The research also points out the vulnerabilities are not too hard to exploit and could easily be used by non-advanced hackers. Jurczyk said software vendors should make sure that fewer instances of exploits remain, by applying security improvements consistently across all supported versions of their software.

A good reminder to issue critical patch to older systems came in the form of Ransomwares. As Microsoft has stopped support for Windows XP and Server 2003, the company didn’t issue any new patches for latest vulnerabilities, Wannacry and Petya Ransomwares hijacked user’s systems and demanded a ransom amount in order to release the important data.

logo
Digit NewsDesk

The guy who answered the question 'What are you doing?' with 'Nothing'.

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.

DMCA.com Protection Status