Google: Microsoft is endangering users with Windows 7-8

Google : Microsoft 's focus on όσον αφορά την ασφάλεια θέτει σε κίνδυνο τους that have devices with older but supported versions of Windows according to Google Project Zero researcher Mateusz Jurczyk.

The researcher noted that previous versions of Windows (Windows 7 and 8.1) were affected by the vulnerability which is described as Windows Kernel pool memory. While Microsoft fixed the issue in Windows 10, it did not in older versions of Windows. Microsoft simply added a memset to Windows 10 that prevents information disclosure in the operating system .Google Project Zero

This suggests, according to Jurczyk, that Microsoft identified the issue internally and set it up in Windows 10, but not in Windows 7 or 8.1.

Vulnerability was publicly revealed in 2017, and Microsoft corrects the issue with September 2017 September patch for affected operating systems.

Jurczyk knew that the issue only affected earlier versions of Windows, and he thought about finding out how widespread the issue was.

He used binary diffing, a method to reveal differences between different versions of one and analyzed the Windows ntkrnlpa.exe files, .sys, ntoskrnl.exe, tm.sys, win32kbase.sys and win32kfull.sys

Discover a large number of differences between Windows 7 and 10 and the .1 and 10. Windows 7 is the older OS (compared to Windows 8.1), and had more differences compared to Windows 10 to Windows 8.1.

Google began investigating these differences and found two new vulnerabilities in the process (the two vulnerabilities addressed in September 2017).

Jurczyk concludes that focusing on repairing only the latest version of a product, in the case of Microsoft Windows 10, can be used by malicious users to detect vulnerabilities in earlier versions of a product.

So Microsoft not only leaves some of its customers exposed to attacks, but also very clearly reveals the security vulnerabilities of older operating systems when comparing the files it has upgraded.

Microsoft's focus on Windows 10 is quite problematic in terms of security. Note that all three versions of Windows are still supported by Microsoft and that Windows 8.1 is still in mainstream support.

Unfortunately there is not much Windows users and administrators can do about this issue, from upgrading to Windows 10, which Microsoft also wants.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).