Google Project Zero: Microsoft's focus on Windows 10 where security is concerned puts at risk users who have devices running older but still supported versions of Windows, according to Google Project Zero researcher Mateusz Jurczyk.
The researcher noted that previous versions of Windows (Windows 7 and 8.1) were affected by a vulnerability described as a Windows kernel pool memory disclosure. While Microsoft fixed the issue in Windows 10, it did not do so in older versions of Windows. Microsoft simply added a memset to Windows 10 that prevents the information disclosure in the operating system.
This suggests, according to Jurczyk, that Microsoft identified the issue internally and fixed it in Windows 10, but not in Windows 7 or 8.1.
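The effect of such a one-line memset can be modelled in user space. The following is an added example, not Microsoft's code and not taken from the original article: the structure, the recycled block and the `0xA5` marker are constructed stand-ins for a kernel pool allocation that still holds a previous owner's data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5 /* constructed marker standing in for leftover pool data */

/* Hypothetical reply structure; its name buffer is rarely filled completely. */
struct query_reply {
    uint32_t status;
    uint32_t name_len;
    char name[32];
};

/* Constructed stand-in for a recycled pool block (not a real kernel API). */
static union { struct query_reply reply; unsigned char raw[sizeof(struct query_reply)]; } block;

static struct query_reply *pool_alloc_reused(void) {
    memset(block.raw, STALE, sizeof block.raw); /* previous owner's bytes */
    return &block.reply;
}

/* fixed == 0: write only the used fields, then copy the whole struct out.
   fixed != 0: same logic, with the one-line memset added first. */
static void handle_query(const char *name, int fixed, unsigned char *user_out) {
    struct query_reply *r = pool_alloc_reused();
    size_t n = strlen(name);
    if (n > sizeof r->name) n = sizeof r->name; /* never overrun the field */
    if (fixed) memset(r, 0, sizeof *r);
    r->status = 0;
    r->name_len = (uint32_t)n;
    memcpy(r->name, name, n);
    memcpy(user_out, r, sizeof *r); /* models the copy back to user mode */
}

/* Count bytes of stale pool content that reached the caller's buffer. */
static size_t leaked_bytes(int fixed) {
    unsigned char out[sizeof(struct query_reply)];
    size_t i, count = 0;
    handle_query("abc", fixed, out);
    for (i = 0; i < sizeof out; i++)
        if (out[i] == STALE) count++;
    return count;
}

int main(void) {
    printf("without memset: %zu stale bytes returned\n", leaked_bytes(0));
    printf("with memset:    %zu stale bytes returned\n", leaked_bytes(1));
    return 0;
}
```

The two code paths differ by a single call, which is why the fix stands out clearly when the binaries of two Windows versions are compared.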
The vulnerability was publicly disclosed in 2017, and Microsoft corrected the issue with the September 2017 patch for the affected operating systems.
Jurczyk knew that the issue only affected earlier versions of Windows, and he wanted to find out how widespread the issue was.
He used binary diffing, a method that reveals the differences between versions of a product, and analyzed the Windows files ntkrnlpa.exe, win32k.sys, ntoskrnl.exe, tm.sys, win32kbase.sys and win32kfull.sys.
He discovered a large number of differences between Windows 7 and 10 and between Windows 8.1 and 10. Windows 7 is the older OS (compared to Windows 8.1) and showed more differences from Windows 10 than Windows 8.1 did.
Google began investigating these differences and found two new vulnerabilities in the process (the two vulnerabilities addressed in September 2017).
Jurczyk concludes that fixing issues only in the latest version of a product, in Microsoft's case Windows 10, can be used by malicious users to detect vulnerabilities in earlier versions of the product.
So Microsoft not only leaves some of its customers exposed to attacks, but also very clearly reveals the security vulnerabilities of older operating systems to anyone who compares the files it has updated.
Microsoft's focus on Windows 10 is quite problematic in terms of security. Note that all three versions of Windows are still supported by Microsoft and that Windows 8.1 is still in mainstream support.
Unfortunately, there is not much that Windows users and administrators can do about this issue, apart from upgrading to Windows 10, which is also what Microsoft wants.