Mateusz Jurczyk, a researcher with Google's project Zero, used binary diffing to find out which versions of Windows had the latest patches installed.
Windows 7 and 8.1 are still being supported by Microsoft. Jurczyk found that patches which had been released for Windows 10 had not been offered for the two other versions.
Jurczyk wrote that binary diffing could be utilised to find discrepancies between two or more versions of a single product, if they shared the same core code and co-existed on the market, but were serviced independently by the vendor.
|
|
"While Windows 7 still has a nearly 50% share on the desktop market at the time of this writing, Microsoft is known for introducing a number of structural security improvements and sometimes even ordinary bugfixes only to the most recent Windows platform.
"This creates a false sense of security for users of the older systems, and leaves them vulnerable to software flaws which can be detected merely by spotting subtle changes in the corresponding code in different versions of Windows."
Jurczyk then provided a detailed, technical explanation of how he had compared the binaries of the three different Windows avatars to come to his conclusion. He used three vulnerabilities (CVE-2017-8680, CVE-2017-8684, CVE-2017-8685) to illustrate his point.
He said that the binary diffing process he had used was in fact pseudocode-level diffing that didn't require much low-level expertise or knowledge of the operating system internals.
Given this, he said that it could be used by attackers who did not have a high level of proficiency to attack users who were running the earlier Windows versions.
