Google: Microsoft Is Putting Users at Risk by Not Patching Windows the Same Way


Project Zero, Google's top security team, says that Microsoft is putting customers at risk by not patching Windows OS versions in the same way and with the same consistency.

One of the Google researchers reached this conclusion after discovering CVE-2017-8680, a vulnerability that only affected Windows 7 and 8.1, but not Windows 10. A deeper analysis revealed that Microsoft patched the issue internally, but had not backported the fix to the other OS versions.

Realizing that something was amiss, Project Zero researcher Mateusz Jurczyk looked deeper into the issue by patch and binary diffing recent updates for Windows 7, 8.1, and 10.

Inconsistent patching yields new bugs

Jurczyk subsequently found that patches for some bugs had been applied in different ways to each version, resulting in new bugs, some not specific to the other OS branches.

This is how the researcher discovered CVE-2017-8684 and CVE-2017-8685, two vulnerabilities affecting Windows 7 and Windows 8.1 only, ...
