Google: Users are at risk when Microsoft does not patch all Windows versions the same way
Google's leading security team, Project Zero, said that Microsoft puts users at risk by not patching the different versions of the Windows operating system uniformly.
One of Google's researchers came to this conclusion after discovering CVE-2017-8680, a vulnerability that affects only Windows 7 and 8.1, not Windows 10. Further analysis showed that Microsoft had patched it internally but had not delivered the fix to the other OS versions.
Realizing that something was wrong, researcher Mateusz Jurczyk took a closer look by comparing the latest updates of Windows 7, 8.1 and 10.
Non-uniform patches give rise to new bugs
Jurczyk then discovered that a patch for some of the bugs had been applied in different ways on each OS, resulting in new bugs. This is how he discovered CVE-2017-8684 and CVE-2017-8685, two vulnerabilities that only affect Windows GDI+ on Windows 7 and 8.1.
Differences in patch code create a source of vulnerability
Jurczyk concluded that 'the difference in similar security flaws in different versions of the same product can help malicious code discover key weaknesses or just common errors on old versions'.
Differing Windows patches help create an environment for new bugs
Differences in patch code give an attacker an attack vector. As soon as Microsoft releases an update, an attacker can compare the patches for Windows 7, 8.1 and 10 and find a discrepancy that could expose a new bug.
Researchers also point out that patch diffing is a simple technique. 'It can also be easily used by amateurs to identify the three new vulnerabilities mentioned above'.
Other software may be affected
As with Windows, non-uniform patching can also affect other software, such as Oracle, Linux or Cisco. 'We encourage the adoption of identical security patches on supported software versions', Jurczyk said.