Microsoft currently devotes more attention and work to the Windows 10 operating system, but Google has recently criticized this practice, saying it actually makes other users, including Windows 7 users, much easier for hackers to attack.
Google’s Project Zero researcher Mateusz Jurczyk has detailed in an article how a Windows 10 patch can be used to discover vulnerabilities in Windows 7. He argues that Microsoft should fix the same bugs in Windows 7 as it does in Windows 10. Otherwise, hackers have the opportunity to examine the code in the Windows 10 updates released by Microsoft and, because the operating systems share a code base, may easily find a way to attack Windows 7 systems.
Microsoft is essentially leaving clues for hackers when it patches Windows 10, but not Windows 7, argues Jurczyk. That’s because hackers can use a technique called ‘binary diffing’ to analyze fixes in a modern product and pinpoint weaknesses in the older product.
Jurczyk goes on to explain how he used this approach to discover a zero-day bug in Windows 7, something even non-senior hackers can do.
“This creates a false sense of security for users of the older systems, and leaves them vulnerable to software flaws which can be detected merely by spotting subtle changes in the corresponding code in different versions of Windows,” he writes.
One example was the bug CVE-2017-8680, which affected Windows 8.1 and Windows 7, but curiously not Windows 10. Project Zero reported it to Microsoft in May and it was fixed in Microsoft’s September Patch Tuesday update.
On the other hand, Microsoft says it is committed to protecting all users, but it also emphasizes that only upgrading to Windows 10 can provide the best security. The spokesman said in a statement: “Windows will promise to investigate security issues mentioned in the report as soon as possible and take the initiative to update the affected device. In addition, we are constantly investing in defense security, and suggest that users use Windows 10 and the Microsoft Edge browser for optimal protection.”
“We hope that these were some of the very few instances of such low-hanging fruit being accessible to researchers through diffing, and we encourage software vendors to make sure of it by applying security improvements consistently across all supported versions of their software.”