Google: Microsoft’s focus on Windows 10 puts Windows 7 and 8 users at risk

[frogboy]

Read More. Microsoft's focus on Windows 10 in regards to security puts users who run devices with older but still supported versions of Windows at risk according to Google Project Zero researcher Mateusz Jurczyk.

The researcher noticed that previous versions of Windows -- Windows 7 and 8.1 to be precise -- were affected by the vulnerability described as Windows Kernel pool memory disclosure in win32k!NtGdiGetGlyphOutline whereas Windows 10 was not.

Microsoft fixed the issue on Windows 10, while it did not patch it on older versions of Windows. Microsoft added a memset to Windows 10 which prevented the information disclosure on the operating system.

This suggests, according to Jurczyk, that Microsoft identified the issue internally and fixed it on Windows 10, but not on Windows 7 or 8.1.

The vulnerability came to light in 2017 when it was revealed publicly. Microsoft fixed the issue on the September 2017 Patch Day for affected operating systems.

The question that came to Jurczyk mind after discovering that the issue affected only previous versions of Windows was how widespread the issue was.

Read More. Google: Microsoft's focus on Windows 10 puts Windows 7 and 8 users at risk - gHacks Tech News

 

[tim one]

Windows 8.1 is still in mainstream support so this is a really closed position from MS.
For those users, the only thing to do is to upgrade to Windows 10 at this point.

 

[Lightning_Brian]

@frogboy scary to think about, but oh so true! That's why I'm recommending all of the end users I work with to upgrade to WIndows 10 Pro or Home versions as soon as they can. For some people it's a matter of having enough funds to do so, but I have pointed them to OEM versions showing them that they don't have to pay too much up front for Windows 10.

I agree Windows 7 and Windows 8/8.1 isn't receiving all of the same patches as we once thought these OSs were. Thanks for posting this!