Google: By only patching Windows 10, Microsoft is putting Windows 7 and 8.x users in danger


We all know that Microsoft’s focus is on Windows 10. The software giant wants users to upgrade to its new operating system, and has regularly spoken about how that OS keeps users safe.

However, according to Google Project Zero researcher Mateusz Jurczyk, by focusing on patching Windows 10, and not applying the same fixes to Windows 7 and 8.x, Microsoft is actually putting users of those two older operating systems at risk.

While filing an issue in the Project Zero bug tracker (Windows Kernel pool memory disclosure in win32k!NtGdiGetGlyphOutline) and performing some analysis, Jurczyk noticed that the bug was only present in Windows 7 and 8.x, not in Windows 10. That, he found, is because Microsoft patched it on the newest OS, but not on older versions.

That discovery led him to do further digging, using a technique called "binary diffing", and he found more examples of fixes that had been applied to Windows 10, but not to Windows 7 or 8.x. He goes into full detail in a lengthy post.

By using binary diffing, in the same way Jurczyk did, hackers can analyze fixes in a modern OS and use them to uncover weaknesses in older, unpatched versions.

"Microsoft is known for introducing a number of structural security improvements and sometimes even ordinary bugfixes only to the most recent Windows platform. This creates a false sense of security for users of the older systems, and leaves them vulnerable to software flaws which can be detected merely by spotting subtle changes in the corresponding code in different versions of Windows," Jurczyk explains.

"Not only does it leave some customers exposed to attacks, but it also visibly reveals what the attack vectors are, which works directly against user security. This is especially true for bug classes with obvious fixes, such as kernel memory disclosure and the added memset calls."
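The bug class named in the quote, and why its fix is a single added memset, can be shown with a small user-mode simulation. This is an added example, not code from Jurczyk's post or from Windows; the handler names, the simulated pool, the 0xAA marker and the sizes are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POOL_SIZE 64
#define STALE 0xAA /* constructed marker standing in for a previous owner's data */

static uint8_t pool[POOL_SIZE]; /* simulated kernel pool allocation */

/* Model a reused allocation: the buffer comes back still holding old contents. */
static uint8_t *pool_alloc_stale(void) {
    memset(pool, STALE, sizeof pool);
    return pool;
}

/* Shared body of the hypothetical handler: it produces `produced` bytes of real
 * output but copies the caller's full `requested` length back to user mode. */
static size_t handler(uint8_t *user, size_t requested, size_t produced, int zero_first) {
    uint8_t *buf = pool_alloc_stale();
    if (requested > POOL_SIZE) requested = POOL_SIZE;
    if (produced > requested) produced = requested;
    if (zero_first) memset(buf, 0, requested); /* the one-line fix a diff exposes */
    memset(buf, 0x11, produced);               /* bytes the handler really writes */
    memcpy(user, buf, requested);              /* tail is stale unless zeroed */
    return requested;
}

static size_t handler_unpatched(uint8_t *u, size_t req, size_t prod) { return handler(u, req, prod, 0); }
static size_t handler_patched(uint8_t *u, size_t req, size_t prod) { return handler(u, req, prod, 1); }

/* Regression check: count stale pool bytes that reached the caller. */
static size_t leaked_bytes(const uint8_t *user, size_t n) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++) count += (user[i] == STALE);
    return count;
}

int main(void) {
    uint8_t out[POOL_SIZE];
    size_t n = handler_unpatched(out, 32, 20);
    printf("unpatched: %zu of %zu bytes are stale pool data\n", leaked_bytes(out, n), n);
    n = handler_patched(out, 32, 20);
    printf("patched:   %zu of %zu bytes are stale pool data\n", leaked_bytes(out, n), n);
    return 0;
}
```

The two variants differ by one call, which is why shipping the fix to only one OS version makes the missing initialization easy to spot in the others.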


© 1998-2025 BetaNews, Inc. All Rights Reserved.