We all know that Microsoft’s focus is on Windows 10. The software giant wants customers to upgrade to its new operating system and has routinely talked about how that OS protects users.
According to Google’s Project Zero researcher Mateusz Jurczyk, Microsoft is concentrating only on fixing vulnerabilities in its latest operating system, Windows 10, and has left Windows 7 and 8 out in the cold by not rolling out the same basic security updates and fixes to them. As a result, a huge number of computers running the older versions are in danger of being compromised by hackers.
While carrying out some research, Jurczyk discovered three distinct vulnerabilities, CVE-2017-8680, CVE-2017-8684, and CVE-2017-8685, which affected only Windows 7 and 8.1 and not Windows 10.
Jurczyk used a technique called ‘binary diffing’, with which he found cases of patches that had been applied to Windows 10 but not to Windows 7 or 8.1.
For those unaware, binary diffing is a powerful technique for reverse-engineering patches released by software vendors like Microsoft. By analyzing security patches in particular, you can dig into the details of the vulnerabilities they fix. The technique is especially useful for Microsoft binaries.
Jurczyk believes the diffing procedure he used to discover these kernel issues would not require much skill or knowledge of Windows.
“It could have been easily used by non-advanced attackers to identify the three mentioned vulnerabilities with very little effort,” he writes.
Using binary diffing, hackers can study vulnerabilities fixed in Windows 10 and target the same security bugs still present in earlier versions of Windows, putting their users at risk.
“Microsoft is known for introducing a number of structural security improvements and sometimes even ordinary bug fixes only to the most recent Windows platform. This creates a false sense of security for users of the older systems, and leaves them vulnerable to software flaws which can be detected merely by spotting subtle changes in the corresponding code in different versions of Windows,” Jurczyk explains.
Microsoft also made clear in a statement to The Register that it would prefer all Windows customers to use the same version of the OS. The company stated:
“Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. Additionally, we continually invest in defense-in-depth security, and recommend customers use Windows 10 and the Microsoft Edge browser for the best protection.”
Right now, Microsoft supports the previous versions of the OS, Windows 7 and 8.1, alongside Windows 10. Windows 7 should receive monthly security fixes from Microsoft until January 14, 2020, and Windows 8.1 until January 10, 2023.