Though there have been a few stumbles, Microsoft has been very good at keeping its Windows 10 OS secure. It releases regular security patches, fixes bugs in Edge, and consistently introduces new features.
Unfortunately, the same can’t be said for its other OSes. In May, it was criticized for holding back a patch for the WannaCrypt ransomware on XP, and now Windows 7 is in the spotlight.
Google Project Zero researcher Mateusz Jurczyk has highlighted Microsoft’s selective patching, saying it leaves clues for hackers. After a Windows 10 fix ships, hackers can use a technique called binary diffing, which compares the code of different Windows versions, to discover the same weaknesses left unpatched in older operating systems.
Because Windows 10 shares much of its core code with Windows 8 and 7, a flaw fixed only in Windows 10 leaves those versions exposed. With Windows 7 accounting for half of all users, that’s a huge number of affected machines.
“Microsoft is known for introducing a number of structural security improvements and sometimes even ordinary bugfixes only to the most recent Windows platform,” Jurczyk explained. “This creates a false sense of security for users of the older systems, and leaves them vulnerable to software flaws which can be detected merely by spotting subtle changes in the corresponding code in different versions of Windows.”
Zero-Day Exploits Already Found
Jurczyk then went into detail, exposing several zero-day exploits he found using this technique. He found instances of uninitialized kernel memory disclosure, which can be used to bypass kernel ASLR.
What’s more, Jurczyk said the technique “was in fact pseudocode-level diffing that didn’t require much low-level expertise or knowledge of the operating system internals.”
“We hope that these were some of the very few instances of such ‘low hanging fruit’ being accessible to researchers through diffing,” he concludes. “And we encourage software vendors to make sure of it by applying security improvements consistently across all supported versions of their software.”
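The bug class mentioned above, uninitialized kernel memory disclosure, is sketched below as an added example that is not from the article or from Project Zero. It is a user-space simulation in which every name and the pointer value are constructed, and it assumes the fix takes the common form of zeroing the structure before use, since the article does not describe the actual patches.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Reply copied back to the caller. The handler never writes 'reserved'. */
struct reply {
    uint32_t status;
    uint32_t length;
    uint64_t reserved;
};

/* Simulated reused kernel stack slot (user-space stand-in, constructed). */
static union { struct reply r; uint64_t words[2]; } slot;

/* Constructed placeholder for a kernel address left behind by earlier work. */
#define STALE_KERNEL_PTR 0xFFFFF80012345678ULL

static void earlier_kernel_work(void) { slot.words[1] = STALE_KERNEL_PTR; }

/* Older build: sets two fields, then copies the whole structure out. */
static void handler_unpatched(unsigned char *user_out) {
    slot.r.status = 0;
    slot.r.length = 4;
    memcpy(user_out, &slot.r, sizeof slot.r);
}

/* Newer build: identical except for zeroing the structure first (assumed fix). */
static void handler_patched(unsigned char *user_out) {
    memset(&slot.r, 0, sizeof slot.r);
    slot.r.status = 0;
    slot.r.length = 4;
    memcpy(user_out, &slot.r, sizeof slot.r);
}

/* Returns the 8 bytes the caller receives in the never-written field. */
static uint64_t bytes_seen_by_caller(int patched) {
    unsigned char user_out[sizeof(struct reply)];
    uint64_t seen;
    earlier_kernel_work();
    if (patched) handler_patched(user_out); else handler_unpatched(user_out);
    memcpy(&seen, user_out + offsetof(struct reply, reserved), sizeof seen);
    return seen;
}

int main(void) {
    printf("unpatched: 0x%016llx\n", (unsigned long long)bytes_seen_by_caller(0));
    printf("patched:   0x%016llx\n", (unsigned long long)bytes_seen_by_caller(1));
    return 0;
}
```

The two handlers differ by a single line, which is why a fix applied to only one version stands out when the versions are compared, and why applying the same zeroing to every supported build closes the gap.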
You can read more about the issue on the Project Zero blog.