Microsoft Puts Windows 7 Users At Risk By Patching Windows 10
The Google Project Zero expert Mateusz Jurczyk said that Windows 7 users are at risk due to the untimely release of security patches by Microsoft. Despite the similarity of the code, updates first go to Windows 10, and then get to the old version of the OS. A specialist discovered a number of vulnerabilities in Windows 7 and described how hackers benefit from Microsoft’s update policy.
Attackers analyze the patch code for Windows 10 and through it they find a vulnerability that Microsoft is trying to close. Then hackers use the knowledge they gained to attack the old versions of the OS. Recall, Windows 7 still holds the largest (43.99%) share among all versions of Windows – and all PCs on the “seven” are under threat of hacking.
“This creates a false sense of security for users of old OS, leaving them vulnerable to bugs that can be detected due to changes in the system code after the updates. This not only provides opportunities for attacks, but also outlines their purpose, “Yurchik said.
Mateusz Yurchik also stressed that the search for errors in the security system in this way does not require advanced knowledge of Windows. As an example, the expert named the vulnerabilities CVE-2017-8680, CVE-2017-8684 and CVE-2017-8685, which affected only Windows 7 and 8.1. Microsoft fixed all three bugs with the help of Project Zero.
A source: neowin.net