Security Market Segment LS
Monday, 09 October 2017 10:52

Win7, 8 users being put at risk by Microsoft: Google

By

Google has accused Microsoft of making online life riskier for those who use Windows 7 and Windows 8, compared to those who use Windows 10, as the latest bugs are not being fixed in the older versions.

Mateusz Jurczyk, a researcher with Google's project Zero, used binary diffing to find out which versions of Windows had the latest patches installed.

Windows 7 and 8.1 are still being supported by Microsoft. Jurczyk found that patches which had been released for Windows 10 had not been offered for the two other versions.

Jurczyk wrote that binary diffing could be utilised to find discrepancies between two or more versions of a single product, if they shared the same core code and co-existed on the market, but were serviced independently by the vendor.

"One example of such software is the Windows operating system, which currently has three versions under active support – Windows 7, 8 and 10," he said.

"While Windows 7 still has a nearly 50% share on the desktop market at the time of this writing, Microsoft is known for introducing a number of structural security improvements and sometimes even ordinary bugfixes only to the most recent Windows platform.

"This creates a false sense of security for users of the older systems, and leaves them vulnerable to software flaws which can be detected merely by spotting subtle changes in the corresponding code in different versions of Windows."

Jurczyk then provided a detailed, technical explanation of how he had compared the binaries of the three different Windows avatars to come to his conclusion. He used three vulnerabilities (CVE-2017-8680, CVE-2017-8684, CVE-2017-8685) to illustrate his point.

He said that the binary diffing process he had used was in fact pseudocode-level diffing that didn't require much low-level expertise or knowledge of the operating system internals.

Given this, he said that it could be used by attackers who did not have a high level of proficiency to attack users who were running the earlier Windows versions.

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments