Comment

Comment on As Microsoft Forces Users to Ditch Windows 10, It Announces That It’s Also Turning Windows 11 into an AI-Controlled Monstrosity

skisnow@lemmy.ca ⁨2⁩ ⁨days⁩ ago

How bad would running Windows 10 past support be exactly? Seems like most vulnerabilities should have been patched by now.

source

Sort:hotnew top

AlDente@sh.itjust.works ⁨2⁩ ⁨days⁩ ago
Extended security updates are available. This can be activated for free using Microsoft Activation Scripts.

Microsoft tech support has been repeatedly caught using these scripts to resolve support tickets for license issues. (bleepingcomputer.com/…/microsoft-support-cracks-w…) Also, the open source MAS code is hosted on Microsoft-owned Github, so they are appearantly not very concerned with people taking advantage of this exploit.

If you go this route, please also see the FAQ entry here. There is currently a glitch with commercial ESU keys (which this uses) and Windows Update will continue to claim that your device will no longer receive security updates. This is also effecting W10 LTSC systems. However, you can verify that the license key is active through Command Prompt and instructions are given in the FAQ.

source
prof@infosec.pub ⁨2⁩ ⁨days⁩ ago
See an example here:

Microsoft said both issues could allow attackers to execute code with elevated privileges, although there are currently no indications on how they are being exploited and how widespread these efforts may be. In the case of CVE-2025-24990, the company said it’s planning to remove the driver entirely, rather than issue a patch for a legacy third-party component.

The security defect has been described as “dangerous” by Alex Vovk, CEO and co-founder of Action1, as it’s rooted within legacy code installed by default on all Windows systems, irrespective of whether the associated hardware is present or in use.

New attack vectors are found constantly. Having no support can very likely result in a system that can be automatically breached in a few weeks to months.

As long as you don’t have a public IP on your device and are in a trusted network you should be fine. But if you use a public wifi or somehow expose a port to the internet you’re increasingly vulnerable for each day after the last security update.

source
LastYearsIrritant@sopuli.xyz ⁨2⁩ ⁨days⁩ ago
There’s always going to be vulnerabilities, that’s why they’re ending support. They don’t want to spend time updating an OS they don’t want people using.

Windows 10 is probably fairly secure… today. In 2 years, someone might discover a new vulnerability, and you won’t get the update. If there’s a new way to do web security and the browsers need OS support to implement it, you’ll be stuck on legacy security settings.

source
- Rooster326@programming.dev ⁨2⁩ ⁨days⁩ ago
  It’s not going to take 2 years…
  
  New vulnerabilities are found on a daily to weekly basis.
  
  To put this in perspective. In 2024 there were 1360 reported, 587 vulnerabilities confirmed with 33 of them deemed critical.
  
  I would guess that there are critical vulnerabilities that are right now being worked on because there is no concern of the exploit being patched.
  
  source
- skisnow@lemmy.ca ⁨2⁩ ⁨days⁩ ago
  Out of curiosity, does anyone know how many critical vulnerabilities are currently unpatched in Windows 7?
  
  source
  - LastYearsIrritant@sopuli.xyz ⁨2⁩ ⁨days⁩ ago
    www.cvedetails.com/…/Microsoft-Windows-7.html
    
    source
Holytimes@sh.itjust.works ⁨2⁩ ⁨days⁩ ago
Short term honestly likely fine for your avg person. After even six months tho I wouldn’t trust using it for banking, government sites or anything more sensitive then looking at cat memes.

source
Passerby6497@lemmy.world ⁨2⁩ ⁨days⁩ ago
If you want to keep running Win10, look into 0patch. They do in memory patching and are MUCH smaller, it’s what a real OS manufacturer would put out.

source
Rekorse@sh.itjust.works ⁨2⁩ ⁨days⁩ ago
Its probably more lazy than anything. Security always depends on what you need to protect. If you want to keep using it, dont keep sensitive information on it. People will target vulnerabilities in Windows 10 as time goes on.

source
BlackPenguins@lemmy.world ⁨2⁩ ⁨days⁩ ago
I wouldn’t be surprised if there’s a conspiracy where Microsoft purposely left a massive hole in windows 10. And they are going to attack their own system in 2 months and be like “oh noez, welp guess you have to come to windows 11”.

source
- Blue_Morpho@lemmy.world ⁨2⁩ ⁨days⁩ ago
  They don’t care about forcing you to 11 other than it saves them development costs. All the ads and spyware are also in 10.
  
  source
  - BlackPenguins@lemmy.world ⁨2⁩ ⁨days⁩ ago
    But 11 has spyware at unseen levels with AI. They want you on 11 for your data. That’s why they keep asking me to upgrade every week after I decline.
    
    Linux isn’t an evil corporation. That’s not a fair comparison.
    
    source