If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
Microsoft silently fixes security holes in Windows 10 -- dumps Win 7, 8 out in the cold
Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8
out in the cold Versions in use by millions lag behind latest OS, leaving systems vulnerable to attack By Shaun Nichols in San Francisco 6 Oct 2017 at 19:34 https://t.co/z6zw1aNhCq Your new compassionate and caring Microsoft, right there Microsoft is silently patching security bugs in Windows 10, and not immediately rolling out the same updates to Windows 7 and 8, potentially leaving hundreds of millions of computers at risk of attack. Flaws and other programming blunders that are exploitable by hackers and malware are being quietly cleaned up and fixed in the big Windows 10 releases – such as the Anniversary Update and the Creator's Update. But this vital repair work is only slowly, if at all, filtering back down to Windows 7 and Windows 8 in the form of monthly software updates. This is all according to researchers on Google's crack Project Zero team. The fear is that miscreants comparing the various public builds of Windows will notice these vulnerabilities are being silently fixed in Windows 10, realize the same holes are present in earlier versions of Windows – which are still used in homes and businesses worldwide – and thus exploit the bugs to infect systems and spy on people. And if hackers haven't realized this, they will now: Google staffers have publicly blogged about it. Redmond engineers are quietly addressing these Windows security flaws as part of their efforts to improve components within the Windows 10 operating system. For instance, a team may be tasked with improving memory management in the kernel, and as a result, will rewrite chunks of the source code, boosting the software's performance while squashing any pesky exploitable bugs along the way. For the marketing department, this is great news: now they can boast about faster loading times. Malware developers, meanwhile, can celebrate when they discover the programming blunders are still present in Windows 8 and 7. "Microsoft is known for introducing a number of structural security improvements and sometimes even ordinary bug fixes only to the most recent Windows platform," Google Project Zero researcher Mateusz Jurczyk said on Thursday. Azure fell over for 7 hours in Europe because someone accidentally set off the fire extinguishers READ MORE "This creates a false sense of security for users of the older systems, and leaves them vulnerable to software flaws which can be detected merely by spotting subtle changes in the corresponding code in different versions of Windows." As an example of the problem, Jurczyk highlighted the wobbly use of memset() within the kernel. This is a function that is supposed to overwrite bytes in a specific area of memory to a specific value, such as zero, thus scrubbing away whatever was previously stored in that portion of memory. When the kernel is told by an application, via the NtGdiGetGlyphOutline system call, to fill an area of memory with information, and copy it into the app's memory space, the OS doesn't fully overwrite the area using memset() prior to the copy operation. This means the kernel ends up copying into the application's memory space left over private kernel data, thus leaking information it really shouldn't. This can be useful to snoop on the OS and other programs, or gain enough knowhow of the system's internal operations to pull off more damaging exploits. This information-disclosure bug was fixed in Windows 10, but remained present in Windows 7 and Windows 8.1 – until it was reported by Project Zero to Microsoft at the end of May this year and fixed in patches for Windows 7 and 8.1 systems in September. Google typically gives vendors, including Microsoft, 90 days to address any reported security shortcomings before going public, forcing developers and manufacturers to play their hand. This months-long lag in deploying patches to previous flavors of Windows is leaving systems vulnerable to attack. By broadly upgrading the security defenses in Windows 10, Microsoft is making it easier for hackers to see where they could exploit weak spots in older versions. "Not only does it leave some customers exposed to attacks, but it also visibly reveals what the attack vectors are, which works directly against user security," Jurczyk explained. "This is especially true for bug classes with obvious fixes, such as kernel memory disclosure and the added memset calls." While it's not realistic to expect a vendor to maintain major updates and produce patches indefinitely for older software versions, as many as half of all Windows users are still running Windows 7 and 8 – meaning millions of people are being put at risk by Windows 10's security improvements, ironically. Windows 8.1 is supposed to receive monthly security fixes until January 10, 2023, and for Windows 7, January 14, 2020. "Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible," a Microsoft spokesperson told The Register. "Additionally, we continually invest in defense-in-depth security, and recommend customers use Windows 10 and the Microsoft Edge browser for the best protection." Translation: please, please stop using Windows 7 and 8 https://t.co/z6zw1aNhCq |
Ads |
#2
|
|||
|
|||
Microsoft silently fixes security holes in Windows 10 -- dumpsWin 7, 8 out in the cold
On 08/10/2017 19:29, FredW wrote:
On Sun, 08 Oct 2017 19:13:37 +0200, Steve Hayes wrote: Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8 out in the cold Versions in use by millions lag behind latest OS, leaving systems vulnerable to attack By Shaun Nichols in San Francisco 6 Oct 2017 at 19:34 https://t.co/z6zw1aNhCq And this weird link may be from ... ? www.theregister.co.uk Fokke |
#3
|
|||
|
|||
Microsoft silently fixes security holes in Windows 10 -- dumpsWin 7, 8 out in the cold
On 08/10/2017 19:42, Fokke Nauta wrote:
On 08/10/2017 19:29, FredW wrote: On Sun, 08 Oct 2017 19:13:37 +0200, Steve Hayes wrote: Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8 out in the cold Versions in use by millions lag behind latest OS, leaving systems vulnerable to attack By Shaun Nichols in San Francisco 6 Oct 2017 at 19:34 https://t.co/z6zw1aNhCq And this weird link may be from ... ? www.theregister.co.uk Fokke To be more precisely: https://www.theregister.co.uk/2017/1...lder_versions/ Fokke |
#4
|
|||
|
|||
Microsoft silently fixes security holes in Windows 10 -- dumps Win 7, 8 out in the cold
Steve Hayes wrote:
Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8 out in the cold Versions in use by millions lag behind latest OS, leaving systems vulnerable to attack By Shaun Nichols in San Francisco 6 Oct 2017 at 19:34 https://t.co/z6zw1aNhCq When providing redirection links, show the long URL and your shortened URL. Don't expect anyone to blindly visit some hidden target. Your unfurled redirection URL points to: https://www.theregister.co.uk/2017/1...lder_versions/ Your new compassionate and caring Microsoft, right there Microsoft is silently patching security bugs in Windows 10, and not immediately rolling out the same updates to Windows 7 and 8, potentially leaving hundreds of millions of computers at risk of attack. Flaws and other programming blunders that are exploitable by hackers and malware are being quietly cleaned up and fixed in the big Windows 10 releases – such as the Anniversary Update and the Creator's Update. But this vital repair work is only slowly, if at all, filtering back down to Windows 7 and Windows 8 in the form of monthly software updates. This is all according to researchers on Google's crack Project Zero team. The fear is that miscreants comparing the various public builds of Windows will notice these vulnerabilities are being silently fixed in Windows 10, realize the same holes are present in earlier versions of Windows – which are still used in homes and businesses worldwide – and thus exploit the bugs to infect systems and spy on people. And if hackers haven't realized this, they will now: Google staffers have publicly blogged about it. Redmond engineers are quietly addressing these Windows security flaws as part of their efforts to improve components within the Windows 10 operating system. For instance, a team may be tasked with improving memory management in the kernel, and as a result, will rewrite chunks of the source code, boosting the software's performance while squashing any pesky exploitable bugs along the way. For the marketing department, this is great news: now they can boast about faster loading times. Malware developers, meanwhile, can celebrate when they discover the programming blunders are still present in Windows 8 and 7. "Microsoft is known for introducing a number of structural security improvements and sometimes even ordinary bug fixes only to the most recent Windows platform," Google Project Zero researcher Mateusz Jurczyk said on Thursday. Azure fell over for 7 hours in Europe because someone accidentally set off the fire extinguishers READ MORE "This creates a false sense of security for users of the older systems, and leaves them vulnerable to software flaws which can be detected merely by spotting subtle changes in the corresponding code in different versions of Windows." As an example of the problem, Jurczyk highlighted the wobbly use of memset() within the kernel. This is a function that is supposed to overwrite bytes in a specific area of memory to a specific value, such as zero, thus scrubbing away whatever was previously stored in that portion of memory. When the kernel is told by an application, via the NtGdiGetGlyphOutline system call, to fill an area of memory with information, and copy it into the app's memory space, the OS doesn't fully overwrite the area using memset() prior to the copy operation. This means the kernel ends up copying into the application's memory space left over private kernel data, thus leaking information it really shouldn't. This can be useful to snoop on the OS and other programs, or gain enough knowhow of the system's internal operations to pull off more damaging exploits. This information-disclosure bug was fixed in Windows 10, but remained present in Windows 7 and Windows 8.1 – until it was reported by Project Zero to Microsoft at the end of May this year and fixed in patches for Windows 7 and 8.1 systems in September. Google typically gives vendors, including Microsoft, 90 days to address any reported security shortcomings before going public, forcing developers and manufacturers to play their hand. This months-long lag in deploying patches to previous flavors of Windows is leaving systems vulnerable to attack. By broadly upgrading the security defenses in Windows 10, Microsoft is making it easier for hackers to see where they could exploit weak spots in older versions. "Not only does it leave some customers exposed to attacks, but it also visibly reveals what the attack vectors are, which works directly against user security," Jurczyk explained. "This is especially true for bug classes with obvious fixes, such as kernel memory disclosure and the added memset calls." While it's not realistic to expect a vendor to maintain major updates and produce patches indefinitely for older software versions, as many as half of all Windows users are still running Windows 7 and 8 – meaning millions of people are being put at risk by Windows 10's security improvements, ironically. Windows 8.1 is supposed to receive monthly security fixes until January 10, 2023, and for Windows 7, January 14, 2020. "Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible," a Microsoft spokesperson told The Register. "Additionally, we continually invest in defense-in-depth security, and recommend customers use Windows 10 and the Microsoft Edge browser for the best protection." Translation: please, please stop using Windows 7 and 8 https://t.co/z6zw1aNhCq So far, just a bunch of FUD. The author makes no mention that the repairs to Windows 10 have counterparts in older versions of Windows. Can't repair what ain't broke. New code in Windows 10 means new vulnerabilities unique to THAT operating system. You were told long ago by Microsoft that they would only do monthly security updates for their old and UNSUPPORTED operating systems. Eventually you won't get ANY updates, security or otherwise. Windows 7 extended support ends on Jan 14, 2020, a little over 2 years from now. You MUST have Service Pack 1 since Win7 sans SP1 extended support is already long dead. Windows 8 extended support ends on Jan 10, 2023 so you get longer for security updates but who wants to go to Windows 8? Windows 7/8 users are not getting put at greater security risk as the author wants to flame. They are at the same security risk as before. Since updates are forced in Windows 10 whenever Microsoft wants to push them, saying Microsoft is silently or covertly pushing out updates is just more FUD. In fact, no backward code vulnerabilities have yet been revealed so this is just some author guessing what could happen. |
#5
|
|||
|
|||
Microsoft silently fixes security holes in Windows 10 -- dumpsWin 7, 8 out in the cold
On 08/10/2017 18:13, Steve Hayes wrote:
Microsoft Critical Articles You have posted a link that criticises Microsoft in every article they write. They are using Linux and so this should tell you everything you need to know about their articles. However, a South African like you with AIDS and rampant crime rate in Johannesburg, I don't hold my breadth to have any common sense to understand how advertising works in modern tech industries. https://i.imgur.com/WcvyvQR.png https://i.imgur.com/WcvyvQR.png What I don't understand is why do people continue using Microsoft or Adobe products when they are avid users of LinJunk. Why are you here on Windows newsgroup anyway? -- With over 500 million devices now running Windows 10, customer satisfaction is higher than any previous version of windows. |
#6
|
|||
|
|||
Microsoft silently fixes security holes in Windows 10 -- dumps Win 7, 8 out in the cold
On Sun, 8 Oct 2017 16:48:57 -0500, VanguardLH wrote:
Steve Hayes wrote: [quoted text muted] By Shaun Nichols in San Francisco 6 Oct 2017 at 19:34 https://t.co/z6zw1aNhCq When providing redirection links, show the long URL and your shortened URL. Don't expect anyone to blindly visit some hidden target. Well said. -- Stan Brown, Oak Road Systems, Tompkins County, New York, USA http://BrownMath.com/ http://OakRoadSystems.com/ Shikata ga nai... |
Thread Tools | |
Display Modes | Rate This Thread |
|
|