Microsoft pursues Win-8-first security-patch policy: analysts
Two vulnerability experts claim zero days possible in under-patched Windows 7
Microsoft Corp's Windows 7 OS has been left vulnerable to malware attacks as Redmond pursues an apparent policy of only pushing out security updates to its more recent operating systems, The Register reported.
Two researchers found the discrepancies after scanning 900 Windows libraries and noting that four safe functions present in Windows 8 were missing from Windows 7.
Moti Joseph, formerly of Websense, and analyst Marion Marschalek built a comparison ("diffing") tool called DiffRay, which reported the missing patches.
"Why is it that Microsoft inserted a safe function into Windows 8 [but not] Windows 7?" Joseph asked delegates during a presentation at the Troopers 2014 IT security conference in Heidelberg, Germany.
"The answer is money. Microsoft does not want to waste development time on older operating systems ... and they want people to move to higher operating systems."
The pair warned that the shortfall in security patches could leave Windows 7 with zero-day flaws.
According to recent figures from netmarketshare.com, Windows 7 continues to dominate the desktop OS market, sitting on just over half of all machines, while its younger siblings Win 8 and Win 8.1 account for a mere 13% share between them. Microsoft stopped support of legacy OS Windows XP in April.
Given that netmarketshare.com's figures indicate that Windows holds an overall 91% share of desktops, if Microsoft were to slacken security updates for pre-Win-8 platforms, that would leave 78% of all desktops worldwide under-protected.