Google: Microsoft is endangering users with Windows 7-8

Google Project Zero: Microsoft's focus on Windows 10 security endangers users with devices with older but supported versions of Windows, according to Google Project Zero researcher Mateusz Jurczyk.

The researcher noted that previous versions of Windows (Windows 7 and 8.1) were affected by the vulnerability described as Windows Kernel pool memory. While Microsoft fixed the issue in Windows 10, it did not do so in earlier versions of Windows. Microsoft has just added a memset to Windows 10 that prevents the operating system from disclosing information.Google Project Zero

This suggests, according to Jurczyk, that Microsoft identified the issue internally and set it up in Windows 10, but not in Windows 7 or 8.1.

Vulnerability was publicly revealed in 2017, and Microsoft corrects the issue with September 2017 September patch for affected operating systems.

Jurczyk knew that the issue only affected earlier versions of Windows, and he thought about finding out how widespread the issue was.

Use binary diffing, a method to reveal differences between different versions of a product, and analyze the Windows files ntkrnlpa.exe, win32k.sys, ntoskrnl.exe, tm.sys, win32kbase.sys, and win32kfull.sys

He discovered a large number of differences between Windows 7 and 10 and Windows 8.1 and 10. Windows 7 is the oldest operating system (compared to Windows 8.1), and they have more differences compared to Windows 10 with Windows 8.1.

Google began to investigate these differences and found two new vulnerabilities in the process (the two vulnerabilities encountered in September of 2017).

Jurczyk concludes that focusing on repairing only the latest version of a product, in the case of Microsoft Windows 10, can be used by malicious users to detect vulnerabilities in earlier versions of a product.

So Microsoft not only leaves some of its customers exposed to attacks, but also very clearly reveals the security vulnerabilities of older operating systems when comparing the files it has upgraded.

Microsoft's focus on Windows 10 is quite problematic in terms of security. Note that all three versions of Windows are still supported by Microsoft and that Windows 8.1 is still in mainstream support.

Unfortunately, Windows users and administrators can not do much with this particular issue, in addition to upgrading to Windows 10, something Microsoft desires.

iGuRu.gr The Best Technology Site in Greeceggns

Get the best viral stories straight into your inbox!















Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).