- OnePlus Nord gets March 2021 security patch with OxygenOS 11.1.1.2 update
- OnePlus 9 and 9 Pro get their first OxygenOS update
- Slack will soon allow organizations to create a private business network for secure communication
- OnePlus Nord receives yet another OxygenOS update, with July security patch, camera imropvements and more
- Apple Co-founder sues YouTube over Bitcoin scam videos
- New Samsung Galaxy Watch 3 comes with fall detection and an amazing hand gesture
- Microsoft’s LinkedIn sued for iOS clipboard snooping
- Deal Alert: Microsoft’s Surface Laptop 3 is $270 cheaper today
- Samsung Galaxy Z Fold 2 will reportedly not launch on the 5th August
- Netmarketshare: Chrome now officially has more than 70% of the desktop browser market.
آخرین مطالب
امکانات وب
It seems some days you just can’t win. Microsoft has been diligent about updating Windows 10 with bug fixes and improvements, and now Google’s Project Zero security team has complained this leaves Windows 7 and Windows 8 vulnerable to exploits revealed by the process.
The issue is due to Windows 7 and Windows 10 sharing the same code base, but bug fixes being rolled out to Windows 10 first and fast, and only later to Windows 7 and 8, allowing hackers to compare the code and detect changes, which can reveal the specifics of the bug fixed and the vulnerability in the unfixed, older version of the OS.
“Microsoft is known for introducing a number of structural security improvements and sometimes even ordinary bug fixes only to the most recent Windows platform,” said Google Project Zero researcher Mateusz Jurczyk. “This creates a false sense of security for users of the older systems, and leaves them vulnerable to software flaws which can be detected merely by spotting subtle changes in the corresponding code in different versions of Windows.”
Jurczyk claimes to have found several zero-day exploits using this technique, such as an uninitialized kernel memory disclosure, which can be used to bypass kernel ASLR.
“This is especially true for bug classes with obvious fixes, such as kernel memory disclosure and the added memset calls,” he noted.
“We hope that these were some of the very few instances of such ‘low hanging fruit’ being accessible to researchers through diffing,” he concludes. “And we encourage software vendors to make sure of it by applying security improvements consistently across all supported versions of their software.”
In a statement Microsoft made it clear they would prefer all Windows users simply be on the same version of the OS, saying:
“Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. Additionally, we continually invest in defense-in-depth security, and recommend customers use Windows 10 and the Microsoft Edge browser for the best protection.”
Source: Google Project Zero, via Winbuzzer.com
microsoft news...ما را در سایت microsoft news دنبال می کنید
برچسب : نویسنده : محمد رضا جوادیان microsoftnews بازدید : 274
آرشیو مطالب
- بهمن 1394
- اسفند 1394
- دی 1395
- بهمن 1395
- اسفند 1395
- فروردين 1395
- ارديبهشت 1395
- خرداد 1395
- تير 1395
- مرداد 1395
- شهريور 1395
- مهر 1395
- آبان 1395
- دی 1396
- بهمن 1396
- اسفند 1396
- فروردين 1396
- ارديبهشت 1396
- خرداد 1396
- تير 1396
- مرداد 1396
- شهريور 1396
- مهر 1396
- آبان 1396
- آذر 1396
- دی 1397
- فروردين 1397
- ارديبهشت 1397
- خرداد 1397
- تير 1397
- مرداد 1397
- شهريور 1397
- آذر 1397
- دی 1398
- بهمن 1398
- اسفند 1398
- ارديبهشت 1398
- خرداد 1398
- مرداد 1398
- آبان 1398
- آذر 1398
- فروردين 1399
- تير 1399
- مرداد 1399
- فروردين 1400
لینک دوستان
- کرم سفید کننده وا
- دانلود آهنگ جدید
- خرید گوشی
- فرش کاشان
- بازار اجتماعی رایج
- خرید لایسنس نود 32
- هاست ایمیل
- خرید بانه
- خرید بک لینک
- کلاه کاسکت
- موزیک باران
- دانلود آهنگ جدید
- ازن ژنراتور
- نمایندگی شیائومی مشهد
- مشاوره حقوقی تلفنی با وکیل
- کرم سفید کننده واژن
- اگهی استخدام کارپ
- دانلود فیلم
- آرشیو مطالب
- فرش مسجد
- دعا
- لیزر موهای زائد
- رنگ مو
- شارژ