Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped

Comments

• SnotFlickerman@lemmy.blahaj.zone ⁨4⁩ ⁨weeks⁩ ago

  To anyone misreading this, these exploits were patched yesterday and thus were included as the final patch for Windows 10 before the extended security updates requirements kick in.

  Known exploits are always reported to the company first to give them time to patch it before releasing info on the exploits.

  All Windows 10 users will continue to have access to the patches in this final freely available patch Tuesday for Windows 10. They just can’t get new updates without joining the ESU program.

  I hate Microsoft too and only use Linux, but let’s stop the circlejerk of false claims here please and thank you.

  source

  • sourhill@lemmy.sdf.org ⁨4⁩ ⁨weeks⁩ ago

    Zero-day means the company had 0 days to fix it before the exploits were made public. Maybe the headline is wrong?

    source

    • MrNesser@lemmy.world ⁨4⁩ ⁨weeks⁩ ago

      Nope 0 days means

      Zero-day vulnerability: A software flaw that attackers discover before the developer does.

      Zero-day exploit: The method hackers use to take advantage of this unknown vulnerability.

      Zero-day attack: An attack that uses a zero-day exploit to damage a system, steal data, or plant malware before a patch is available. This is a serious risk because no defenses are in place for this specific flaw yet.

      The first is the most common one found in the press and is usually reported to the company so they can patch it, before press release.

      source

      • -> View More Comments
    • mic_check_one_two@lemmy.dbzer0.com ⁨4⁩ ⁨weeks⁩ ago

      Nope, 0-day means it was exploited in the wild before the company knew about it. Basically, the company had to rush to patch it because it was already being exploited. It means black-hat hackers found it and exploited it before the white/grey-hat hackers reported it. If white-hat hackers found it first, they’d have already alerted the company and given time to patch it before they announced the vulnerability. But since the black-hat hackers found it first, it was a 0-day.

      source
    • SnotFlickerman@lemmy.blahaj.zone ⁨4⁩ ⁨weeks⁩ ago

      Perhaps, either that or they made a very quick fix making updates to address them the day before this patch release.

      source
  • floquant@lemmy.dbzer0.com ⁨4⁩ ⁨weeks⁩ ago

    Yeah, until something like this happens again a year or two down the line. Not to mention all unpatched or lagging systems

    source

    • Alaknar@sopuli.xyz ⁨4⁩ ⁨weeks⁩ ago

      It already happened with Windows 7. They still released the patch there.

      source
• NotMyOldRedditName@lemmy.world ⁨4⁩ ⁨weeks⁩ ago

  People have probably been sitting on exploits for months or longer. There will probably be another wave after the 1 year extended support ends.

  source

  • REDACTED@infosec.pub ⁨4⁩ ⁨weeks⁩ ago

    If I remember correctly, MS still pushed some critical patches to Win7 after the support ended as they realized 1/3 of world’s computers turning into botnets is probably not in their interests.

    source

    • Attacker94@lemmy.world ⁨4⁩ ⁨weeks⁩ ago

      Except they will stay on their high horse and only give it to extended support this time around, that way they get what they want and they’ll be able to spin it against the people who didn’t opt in.

      source
    • NotMyOldRedditName@lemmy.world ⁨4⁩ ⁨weeks⁩ ago

      Wow, that’s hilarious.

      source
• paraphrand@lemmy.world ⁨4⁩ ⁨weeks⁩ ago

  It’s interesting that this supposedly goes back to Windows 3.1?

  source

  • SnotFlickerman@lemmy.blahaj.zone ⁨4⁩ ⁨weeks⁩ ago

    Other articles make more clear why that is.

    cyberpress.org/windows-agere-modem-driver-0-day-f…

    Rather than issuing a traditional patch for each vulnerability, Microsoft’s October cumulative update completely removes the ltmdm64.sys driver from affected systems.

    As a result, all fax modem hardware relying on the Agere Modem driver will cease to function. While mail and messaging over IP have largely supplanted analog modems, some industrial and legacy applications still depend on fax modems.

    Organizations must therefore audit their environments for any remaining modem dependencies and either migrate to supported alternatives or implement workarounds where available.

    Microsoft’s advisory explicitly recommends that customers eliminate any reliance on the deprecated hardware to avoid service disruptions.

    So maybe not all the way back to the original release, but back to the first release that included this specific telephony modem driver, ltmdm64.sys. If I recall correctly, Windows 3.1 brought networking capabilities.

    However, another article claims it has only been shipped with every version of Windows since 2006.

    thestack.technology/windows-users-hacked-due-to-l…

    CVE-2025-24990 was credited to a security researcher going by the handle @shitsecure who told The Stack by DM “it’s a driver from 2006, never changed… I think it was historically shipped with everything, although that doesn’t make sense at all.”

    source

    • paraphrand@lemmy.world ⁨4⁩ ⁨weeks⁩ ago

      Thanks for the details!

      I wonder how often they clean stuff up like this. That crossed my mind earlier, I’m sure there is a bunch of “dormant” software that could be cleaned out or made optional in some way.

      I’m sure the making it optional idea is easier said than done. Especially from a standpoint of discoverability and usability.

      source

      • -> View More Comments
    • muusemuuse@sh.itjust.works ⁨4⁩ ⁨weeks⁩ ago

      That’s still a lot of people that use that damn driver. I know at least in medical billing there’s always someone still using a damn fax machine. Almost every claim passes through fax technology at some point, although more and more of it is being emulated.

      Where I work, it’s used mostly by emergency rooms that don’t want to use anything else.

      This is not an environment where you want an exploit.

      source

      • -> View More Comments
    • floquant@lemmy.dbzer0.com ⁨4⁩ ⁨weeks⁩ ago

      Are there any figures for how widespread that Agere chip is? I wonder if any German companies are going to be bit in the aas by this lol

      source
  • EndlessNightmare@reddthat.com ⁨4⁩ ⁨weeks⁩ ago

    I was curious about the “every version ever shipped.”

    This gets really old school.

    source
  • Agent641@lemmy.world ⁨4⁩ ⁨weeks⁩ ago

    Personally I blame Dave Plummer.

    source
  • 87Six@lemmy.zip ⁨4⁩ ⁨weeks⁩ ago

    Ah yes the 0-decade vulnerability…

    Boi will I miss the ever-encompasing shield of Microsoft when my Windows 10 stops receiving updates…

    source
  • Delta_V@lemmy.world ⁨4⁩ ⁨weeks⁩ ago

    makes you wonder if/how/by who its been used all these years

    source

    • deathbird@mander.xyz ⁨4⁩ ⁨weeks⁩ ago

      I expect it’s stuff like ATMs, Coinstar machines. Things that may need to phone home regularly but don’t need to sit online constantly.

      source
• zleap@techhub.social ⁨4⁩ ⁨weeks⁩ ago

  @Delta_V

  It will be interesting what happens with this Windows 10 end of support, this just happens to crop up the day after support ends.

  source

  • SnotFlickerman@lemmy.blahaj.zone ⁨4⁩ ⁨weeks⁩ ago

    The exploits are addressed in the patch released yesterday, on the final day of support.

    source
  • Delta_V@lemmy.world ⁨4⁩ ⁨weeks⁩ ago

    yeah, the timing is ‘interesting’

    source
  • Alphane_Moon@lemmy.world ⁨4⁩ ⁨weeks⁩ ago

    They will continue to releases major security updates for Windows 10 as long as it has double digit installed base share.

    source

    • mic_check_one_two@lemmy.dbzer0.com ⁨4⁩ ⁨weeks⁩ ago

      Yeah, they did the same for Win7 for a long time. Win7 was so widely used (and people were so hesitant to upgrade after the awful 8/8.1 mess) that like 25-30% of all the computers in the world were still using it several years after support officially ended. It forced MS to continue issuing critical vulnerability patches for Win7, long after support officially ended.

      source
• Rhaedas@fedia.io ⁨4⁩ ⁨weeks⁩ ago

  So stick with my Linux and don't boot into Windows again. Got it.

  Lots of these exploits can be very specific cases so aren't going to threaten the average user. However the point is, Windows 10 is now a huge target and there are lots who would love to take advantage of a freshly open gate.

  source

  • FreedomAdvocate@lemmy.net.au ⁨4⁩ ⁨weeks⁩ ago

    This is fixed, and the attacked required physical access to the hardware.

    source

    • frog_meister@lemmings.world ⁨4⁩ ⁨weeks⁩ ago

      These are fixed, but microsoft still includes backdoors for Israel.

      source

      • -> View More Comments
• Rentlar@lemmy.ca ⁨4⁩ ⁨weeks⁩ ago

  And it’s not likely to be the last.

  source
• FreedomAdvocate@lemmy.net.au ⁨4⁩ ⁨weeks⁩ ago

  Fixed and required physical access to the machine. If someone malicious has physical access to your machine you’re already done.

  source

  • utopiah@lemmy.world ⁨4⁩ ⁨weeks⁩ ago

    Does it mean you don’t think login password with physical token with disk encryption work?

    source

    • FreedomAdvocate@lemmy.net.au ⁨4⁩ ⁨weeks⁩ ago

      The attacker had to already be logged in to the machine for this exploit.

      source

      • -> View More Comments
• yoriaiko@lemmy.blahaj.zone ⁨4⁩ ⁨weeks⁩ ago

  If true:

  Totally none did wait for most popular win10 end supports…

  If fake:

  Totally none sus this for being fake scarecrow against anyone who would like to stay on non-service, standalone system.

  source
• lechekaflan@lemmy.world ⁨4⁩ ⁨weeks⁩ ago

  [deleted]

  source

  • muusemuuse@sh.itjust.works ⁨4⁩ ⁨weeks⁩ ago

    Nope. You don’t need to be using the driver. The article explains that an attacker call upon it and exploit it simply because it is there.

    source