Redmond is patching Windows 8 but NOT Windows 7, say security bods

  • 7 June 2014
  • 9 replies
  • 995 views

Userlevel 7

New tool checks differences, could lead to 0-day bonanza

By Darren Pauli, 6 Jun 2014
 
Microsoft has left Windows 7 exposed by only applying patches to its newest operating systems.
Researchers found the gaps after they scanned 900 Windows libraries and uncovered a variety of security functions that were updated in Windows 8 but not in 7. They said the shortcoming could lead to the discovery of zero day vulnerabilities.
The missing safe functions were part of Microsoft's dedicated libraries intsafe.h and strsafe.h that help developers combat various attacks.
 


 
Full Article and Video

9 replies

Userlevel 7
From a fellow MVP-Consumer Security on the subject!

"I would say this is just FUD & sour grapes
 
My reading of this is that they have found functions or security mitigations that are standard in W8 but haven’t been backported to W7. Why W7 hasn’t had them backported is up to Microsoft to disclose, but it could well be that W7 isn’t capable of using those functions without a major re-working of the OS. I honestly can’t see a W7 SP2,3 or 4 to include those & other functions and bring W7 up to W8 “standard”"
 
Daniel 
Userlevel 7
Rant
 
Since Windows 7 is supposedly still supported (They have not discontinued support for it in the same way they did XP yet) and a LOT of major business networks have migrated to 7 over the last year as a result, this is beyond very troubling.
 
Major companies migrated from XP to 7 under the assurance and belief that it would be fully updated and secure... but this would indicate that this is not so.  Fully supported means that if a major Service Pack is needed to bring it up to par, a Service Pack it shall be.  It has been done in the past.... for XP and NOW is the time for it to be done for 7.
 
/Rant
 
😠
Userlevel 7
And we tried telling them....................! I was told there will be no more service packs for Win 7 SP1. :@
 
Daniel
Userlevel 7
In other words, for those companies that migrated over the last 12 months from Windows XP to Windows 7, as for many Windows 8 is still not yet a stable enough, secure enough, and COMPATIBLE enough, OS, they are now stuck with what is essentially only a semi-supported and not really fully secure OS.
 
My employer will not be happy about this..... not at all.
Userlevel 7
MS are doing themselves no favours at all, to win customers and get customer loyalty you do not alienate them.
W7 is not an old OS at all and if they want users to migrate they cannot force them, it may well drive them onto other systems. At the very least keep the last one prior to the most recent updated to give people a chance to migrate and companies to test the systems. Most people just get a new OS when they get a new computer, at this rate every year or 2 they will have to change just to stay up to date.
 
Userlevel 7
It's just sad if it's true but with everyone posting everywhere hopefully they will take notice and get it corrected!
 
Daniel
Userlevel 7
I work for a company that operates worldwide... over 60,000 employees.  That is a LOT of terminals that have been migrated to Windows 7 over the last 12 months......
Userlevel 7
MS has to backtrack on this one, they just cannot expect companies large and small to keep using Windows and risk being let down like this. That is a lot of terminals David, a lot of $'s spent migrating them and possibly another huge amount of $'s to upgrade again. Yours is just one business but imagine the global problem, it was not the best PR decision they could have made by a long way.
Userlevel 7
😞 I've been reading these Posts for what a couple days and I'm totally dumbfounded on how MS is handling this. It's like a bad dream. I don't understand Microsoft doing this to all users of W7. You are right Jasper as you mentioned in another post this might lead people to another OS.. I'd say....like APPLE?:S Joking aside this is very disturbing.
 
 
Jasper writes....
MS has to backtrack on this one, they just cannot expect companies large and small to keep using Windows and risk being let down like this. That is a lot of terminals David, a lot of $'s spent migrating them and possibly another huge amount of $'s to upgrade again. Yours is just one business but imagine the global problem, it was not the best PR decision they could have made by a long way.
 
  
