Comment on Your Windows 10 PC will soon be 'junk' - users told to resist Microsoft deadline
M0oP0o@mander.xyz 10 months agoFirst off, saying that a system will never have a new vulnerability discovered is beyond naive. It’s the whole reason LTS versions of products exist. To be on a version that constantly is kept up with as new vulnerabilities are discovered. Just because you don’t see them and don’t run in those circles doesn’t mean they don’t exist. So saying something like “there won’t be any new vulnerabilities” is just wrong.
I never said that.
I am asking of the vulnerability used on end users not a list of what white hats have found. (My argument is not that these old OS are safe just not the OH GOD levels of unsafe).
Lightor@lemmy.world 10 months ago
You said there would be no new vulnerabilities. mander.xyz/comment/4923077
“On one hand yes, no more updates. On the other hand, no more new vulnerability and day 0 exploits.”
You said exactly that.
Also these are not all found by white hats. And those vulnerabilities are what is used in an attack. I’m beginning to think you don’t understand security well enough to be making these claims.
M0oP0o@mander.xyz 10 months ago
urgh, there are no NEW vulnerabilities in an old OS that does not get updates. What you are for some reason conflating (or using semantics) is newly DESCOVERED vulnerabilities. The same argument can be used for current OSs (here from that same site as you provided: cvedetails.com/…/Microsoft-Windows-11-22h2-10.0.2…)
Just please show me one report of some home user in the last 5 years who was a victim due to an out of support OS.
Lightor@lemmy.world 10 months ago
Jesus, so you’re saying there will be no new ones made, not that is semantics. A vulnerability never discovered might as well not exist. But guess what you’re also not getting, fixes for all those vulnerabilities. So your stance of “you get no updates, but you also don’t get new vulnerabilities” really means “new vulnerabilities will continue to be discovered but you’ll never get updates for them. They will just be published and known by all, like a guide book on how to pwn you.”
Not it can’t, what are you talking about? New OSs get updates to address these issues. An old OS never has them addressed, but known by the world, which is a huge security risk.
If you need an anecdotal instance of a home user (totally ignoring businesses for some reason) then you don’t have any concept of how these attacks work. Do you remember bleeding heart? Remember how it was used for years and never know? Hell “CVE-2022-22047” was only 2 years ago, and that was an elevated privileges attack, that could take down a whole company.
But ok, you need one that effects home users. How about this one: cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2…
It allows printer jobs sent to the home PC to run any code they would like. This means pulling info from your PC or monitoring it.
M0oP0o@mander.xyz 10 months ago
Just give me one case of the exploit being used. That’s all I ask. Not found, used.