Google: Windows 10 Patches Put Windows 7 Users in Danger

Google’s Project Zero researcher Mateusz Jurczyk is arguing that Microsoft is essentially leaving clues for hackers when it patches Windows 10 but not Windows 7: hackers can use a technique called “binary diffing” to analyze fixes in a modern product and pinpoint weaknesses in the older product. The technique lends itself to Windows 7, Windows 8, and Windows 10, which are perfect examples of concurrently supported branches of a single product that share the same core code but are patched and improved differently.



As the researcher explains, the ability to use binary diffing is a particular problem for the security of Windows 7 users, who account for half of all Windows users, because attackers know that Microsoft adds better security and sometimes even bug fixes only to the latest version of Windows. “This creates a false sense of security for users of the older systems and leaves them vulnerable to software flaws which can be detected merely by spotting subtle changes in the corresponding code in different versions of Windows,” he writes.


Source: [H]ardOCP – Google: Windows 10 Patches Put Windows 7 Users in Danger