• skisnow@lemmy.ca
    ↑ 8 · 4 days ago

    How bad would running Windows 10 past support be exactly? Seems like most vulnerabilities should have been patched by now.

    • AlDente@sh.itjust.works
      ↑ 18 · 4 days ago

      Extended security updates are available. This can be activated for free using Microsoft Activation Scripts.

      Microsoft tech support has been repeatedly caught using these scripts to resolve support tickets for license issues. (https://www.bleepingcomputer.com/news/security/microsoft-support-cracks-windows-for-customer-after-activation-fails/) Also, the open source MAS code is hosted on Microsoft-owned GitHub, so they are apparently not very concerned with people taking advantage of this exploit.

      If you go this route, please also see the FAQ entry here. There is currently a glitch with commercial ESU keys (which this uses) and Windows Update will continue to claim that your device will no longer receive security updates. This is also affecting W10 LTSC systems. However, you can verify that the license key is active through Command Prompt and instructions are given in the FAQ.

    • prof@infosec.pub
      ↑ 11 · 4 days ago

      See an example here:

      Microsoft said both issues could allow attackers to execute code with elevated privileges, although there are currently no indications on how they are being exploited and how widespread these efforts may be. In the case of CVE-2025-24990, the company said it’s planning to remove the driver entirely, rather than issue a patch for a legacy third-party component.

      The security defect has been described as “dangerous” by Alex Vovk, CEO and co-founder of Action1, as it’s rooted within legacy code installed by default on all Windows systems, irrespective of whether the associated hardware is present or in use.

      New attack vectors are found constantly. Having no support can very likely result in a system that can be automatically breached in a few weeks to months.

      As long as you don’t have a public IP on your device and are in a trusted network you should be fine. But if you use a public wifi or somehow expose a port to the internet you’re increasingly vulnerable for each day after the last security update.

    • LastYearsIrritant@sopuli.xyz
      ↑ 7 · 4 days ago

      There’s always going to be vulnerabilities, that’s why they’re ending support. They don’t want to spend time updating an OS they don’t want people using.

      Windows 10 is probably fairly secure… today. In 2 years, someone might discover a new vulnerability, and you won’t get the update. If there’s a new way to do web security and the browsers need OS support to implement it, you’ll be stuck on legacy security settings.

    • Holytimes@sh.itjust.works
      ↑ 4 · 4 days ago

      Short term honestly likely fine for your avg person. After even six months tho I wouldn’t trust using it for banking, government sites or anything more sensitive than looking at cat memes.

    • Passerby6497@lemmy.world
      ↑ 3 · 4 days ago

      If you want to keep running Win10, look into 0patch. They do in-memory patching and are MUCH smaller, it’s what a real OS manufacturer would put out.

    • Rekorse@sh.itjust.works
      ↑ 3 · 4 days ago

      It’s probably more lazy than anything. Security always depends on what you need to protect. If you want to keep using it, don’t keep sensitive information on it. People will target vulnerabilities in Windows 10 as time goes on.

    • BlackPenguins@lemmy.world
      ↑ 2 ↓ 2 · 4 days ago

      I wouldn’t be surprised if there’s a conspiracy where Microsoft purposely left a massive hole in Windows 10. And they are going to attack their own system in 2 months and be like “oh noez, welp guess you have to come to Windows 11”.

      • Blue_Morpho@lemmy.world
        ↑ 1 ↓ 1 · 4 days ago

        They don’t care about forcing you to 11 other than it saves them development costs. All the ads and spyware are also in 10.

        It’s the same reason Linux distros don’t patch old kernels but force you to upgrade every 12 years.

        • BlackPenguins@lemmy.world
          ↑ 2 · 4 days ago

          But 11 has spyware at unseen levels with AI. They want you on 11 for your data. That’s why they keep asking me to upgrade every week after I decline.

          Linux isn’t an evil corporation. That’s not a fair comparison.