{"id":7692,"date":"2014-06-08T08:15:18","date_gmt":"2014-06-08T12:15:18","guid":{"rendered":"http:\/\/thundercloud.net\/infoave\/new\/?p=7692"},"modified":"2014-06-08T10:53:58","modified_gmt":"2014-06-08T14:53:58","slug":"microsoft-has-applied-patches-to-windows-8-files-but-left-windows-7-vulnerable","status":"publish","type":"post","link":"https:\/\/www.thundercloud.net\/infoave\/new\/microsoft-has-applied-patches-to-windows-8-files-but-left-windows-7-vulnerable\/","title":{"rendered":"Microsoft has applied patches to Windows 8 files but left Windows 7 vulnerable"},"content":{"rendered":"

Many of you who are using Windows 7 \u00a0have written to us asking if \u00a0you should upgrade to Windows 8.x in light of the recent revelations\u00a0that Microsoft has released fixes for\u00a0Windows 8 for zero-day vulnerabilities but not for Windows 7.<\/p>\n

According to Microsoft<\/a>, Windows 7 with Service Pack One (SP1) will be supported until January 14, 2020 (extended support). This begs the question: Why is Microsoft releasing critical updates and patches for Windows 8.x but not for the still fully supported Windows 7 SP1? Some say money, some say to stimulate sales of its worst selling operating system (Windows 8.x) since Windows ME, but we don’t know. W’e’re not going to guess. I’m not a big Microsoft fan anymore but I think we should wait for them to respond to\u00a0this before we all jump to conclusions.<\/p>\n

Our job is to keep you informed. Most times on this site, we feature articles we feel you’ll find interesting and informative. Sometimes we throw in an article we know is controversial to stimulate discussion as well as to inform. We are not sure where this article fits in; it’s controversial, no doubt, it’s also informative. We are sure you’ll see many more articles about this in the coming days in main stream media — like CNN, \u00a0“USA Today” and FOX News. Unfortunately, sometimes what those media services report isn’t exactly free from hyperbole with a little opinion slant too.<\/p>\n

Let’s all give Microsoft a chance to respond before we think about filing class-action lawsuits, move to Apple, or buy Windows 8.x. We need to wait and see what Microsoft has to say about this — or until there is a wide-spread zero-day attack on Windows 7 which can be provably attributed to Microsoft’s actions or lack thereof.<\/p>\n

\n

Microsoft has applied patches to Windows 8 files but left Windows 7 vulnerable<\/h1>\n

Anyone running Windows 7 could be at risk of zero day attacks according to researchers. Moti Joseph together with malware analyst Marion Marschalek developed a tool which they used to compare hundreds of libraries built into Windows 8 with their Windows 7 counterparts. The pair found that a number of security functions has been updated in Windows 8, but remain untouched in Windows 7.<\/p>\n

Marschalek said it was “scary simple” to develop the comparison tool, and there is no reason that something similar could not be created by someone else. It would then be a very simple matter of analyzing the functions that had changed between the two operating systems to exposed vulnerabilities in Windows 7.<\/p>\n

Four “safe functions” were found to be missing from Microsoft’s dedicated libraries intsafe.h and strsafe.h, according to The Register. At the TROOPERS14 security conference a demonstration was given of the DiffRay tool, and you can see it in the following video:<\/p>\n