Microsoft pursues Win-8-first security-patch policy: analysts

Two vulnerability experts claim zero days possible in under-patched Windows 7

Tags: GermanyMicrosoft CorporationUSA
  • E-Mail
Microsoft pursues Win-8-first security-patch policy: analysts Microsoft has been accused of only releasing security patches for its favoured OS, Win 8, which is present on 75% less machines worldwide than Windows 7.
By  Stephen McBride Published  June 8, 2014

Microsoft Corp's Windows 7 OS has been left vulnerable to malware attacks as Redmond pursues an apparent policy of only pushing out security updates to its more recent operating systems, the Register reported.

A duo of researchers found discrepancies after scanning 900 Windows libraries and noting that four safe functions present in Windows 8 were missing from Windows 7.

Moti Joseph, formerly of Websense, and analyst Marion Marschalek built comparison software, known as a "diffing" tool, called DiffRay, that reported the missing patches.

"Why is it that Microsoft inserted a safe function into Windows 8 [but not] Windows 7?" Joseph asked delegates during a presentation at the Troopers 2014 IT security conference in Heidelberg, Germany.

"The answer is money. Microsoft does not want to waste development time on older operating systems ... and they want people to move to higher operating systems."

The pair warned that the shortfall in security patches could leave Windows 7 with zero-day flaws.

According to recent figures from, Windows 7 continues to dominate the desktop OS market, sitting on just over half of all machines, while its younger siblings Win 8 and Win 8.1 account for a mere 13% share between them. Microsoft stopped support of legacy OS Windows XP in April.

Given that Netmarketshare's figures indicate an overall 91% share of desktops, if Microsoft were to slacken security updates for pre-Win-8 platforms, that would leave 78% of all desktops worldwide under-protected.

1870 days ago

Yet another reason why you shouldn't use Microsofts products and yet another reason to use GNU/Linux.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code