Google: Microsoft is endangering users with Windows 7-8

Google Project Zero: Microsoft's focus on Windows 10 security endangers users with devices with older but supported versions of Windows, according to Google Project Zero researcher Mateusz Jurczyk.

The researcher noted that previous versions of Windows (Windows 7 and 8.1) were affected by the vulnerability described as the Windows Kernel pool . Ενώ η Microsoft επιδιόρθωσε το ζήτημα στα Windows 10, δεν το έκανε σε παλαιότερες εκδόσεις των Windows. Η Microsoft απλά πρόσθεσε ένα memset στα Windows 10 το οποίο εμποδίζει την αποκάλυψη πληροφοριών στο system.Google Project Zero

This suggests, according to Jurczyk, that Microsoft identified the issue internally and set it up in Windows 10, but not in Windows 7 or 8.1.

Vulnerability was publicly revealed in 2017, and Microsoft corrects the issue with September 2017 September patch for affected operating systems.

Jurczyk knew that the issue only affected earlier versions of Windows, and he thought about finding out how widespread the issue was.

He used binary diffing, a method to reveal differences between different versions of one and analyzed the Windows files ntkrnlpa.exe, win32k.sys, ntoskrnl.exe, tm.sys, win32kbase.sys and win32kfull.sys

He discovered a large number of differences between Windows 7 and 10 and Windows 8.1 and 10. Windows 7 is the oldest operating system (compared to Windows 8.1), and they have more differences compared to Windows 10 with Windows 8.1.

Η Google άρχισε να διερευνά αυτές τις διαφορές και βρήκε δύο νέα σημεία στη διεργασία (τα δύο τρωτά σημεία που αντιμετωπίστηκαν τον Σεπτέμβριο του 2017).

Ο Jurczyk καταλήγει στο συμπέρασμα ότι η εστίαση στην επισκευή μόνο της πιο πρόσφατης έκδοσης ενός , στην περίπτωση των Windows 10 της Microsoft, μπορεί να χρησιμοποιηθεί από κακόβουλους χρήστες για να εντοπίσουν τρωτά σημεία σε παλαιότερες εκδόσεις ενός προϊόντος.

So Microsoft not only leaves some of its customers exposed to attacks, but also very clearly reveals the security vulnerabilities of older operating systems when comparing the files it has upgraded.

Microsoft's focus on Windows 10 is quite problematic in terms of security. Note that all three versions of Windows are still supported by Microsoft and that Windows 8.1 is still in mainstream support.

Unfortunately, Windows users and administrators can not do much with this particular issue, in addition to upgrading to Windows 10, something Microsoft desires. The Best Technology Site in Greecefgns

Subscribe to via Email

Subscribe to this blog and receive notifications of new posts by email.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).