
Using Binary Diffing to Discover Windows Kernel Memory Disclosure Bugs - Rondom
https://googleprojectzero.blogspot.com/2017/10/using-binary-diffing-to-discover.html
======
sqldba
I see that the two they fixed disclosed more memory than expected - but is
that enough reason to fix it? It seems like you’d probably want a complete POC
before fixing them. Or are there common POCs that these obviously fall into?

~~~
chris_wot
I'm still trying to work out when they fixed this:

[https://bugs.documentfoundation.org/show_bug.cgi?id=62764](https://bugs.documentfoundation.org/show_bug.cgi?id=62764)

They got memory dumps from me, but never got back to me about it. It was
incredibly poor form, I literally rebuilt systems from scratch to get them the
memory dumps, and they never even told me if it helped.

Pretty shitty really. I found a nasty issue, and all I wanted was to know if
they were going to fix it. Hell, I didn't even want credit - just knowing it
was fixed would have been great.

~~~
bonzini
They probably didn't even realize they were fixing it. That happens sometimes.

------
mappu
I know some Windows 7 holdouts, who either prefer the interface or they're
against telemetry. That was a defensible position as long as 7 was still under
security support, but these findings put an end to that. Time to switch, and
-1 trust in Microsoft's lifecycle statements.

~~~
Analemma_
We need a cultural shift in this industry away from thinking it’s OK to run
outdated and vulnerable software. “Why should we upgrade? $OLD_VERSION works
fine!” Yeah, and driving a car with no seatbelts or airbags works fine too...
until it doesn’t.

~~~
ksk
It seems like Microsoft has "learnt" from Chrome and the whole web-apps
ecosystem where the users are conscripted into accepting continuous updates. I
don't doubt that the average user is better off, but they should be making
escape-hatches available for the technical folks who wish to exert a greater
level of control over machines they administer.

~~~
AnIdiotOnTheNet
Except that the average user has moved on to phones and tablets. Desktops
stick around for office workers, gamers, and content creators. The last two
are the kind of people who want control over their computer to improve their
experience/workflow, and the first one is supported by IT that wants control
over their users' computers to improve their users' experience/workflow.

Microsoft has done nothing good for their customers with the bullshit path
they've taken since Windows 8.

~~~
ksk
I am happy with Windows 10, as of now. They have done good, in my opinion. But
then again, I usually switch OSs once MS has released a service pack or two,
so I can't say if it was as big of a shitshow as people claimed it was in the
begining.

~~~
AnIdiotOnTheNet
It's still a shitshow, believe me. If you can't see it it is only because you
don't work with it as often as others.

Google "Windows 10 start button stopped working" and spend a good 20 minutes
reading forum posts about the problem. What you'll find is typical of Windows
10: there are no good answers for why it happens, the only consistent solution
is to reinstall the OS, and it has been a problem for years and still hasn't
been fixed. Meanwhile, they did take the time to remove "Control Panel" as an
option when right-clicking the start button, and add a feature that begs you
to try Edge when you set another browser as default.

~~~
ksk
I get months of uptime without any issues, and I use it every single day.

~~~
tinus_hn
You can’t get months of uptime on Windows 10 because it restarts for updates
all the time.

~~~
detaro
Which you can turn off on most versions. (Most people don't need multi-month
uptimes either, but the forced reboot thing is bad enough that scheduling the
updates manually is the most sane thing to do. I'm not sure what the best UX
to get people to keep their systems up-to-date is, but Win10s current one
isn't it)

