Updated August 5, to reflect the updated Windows user warning from the US government.
Microsoft's past few weeks have not been favorable. Following the recoil of the Recall, CrowdStrike launched itself, experiencing a series of ups and downs with Copilot momentum in between. But for the great majority of its Windows users, the ongoing concern has been an imminent security nightmare that is now only months away.
Naturally, we are discussing Windows 10 and the excruciatingly unpleasant campaign to alert hundreds of millions of holdouts to the necessity of upgrading to Windows 11. The most recent Microsoft annoyance, a full-screen alert informing users that “end of support for Windows arrives on October 14, 2025; this means your desktop won't receive technical support or security updates after that date,” was something I covered back in June.
If there was any doubt about the actual risk of leaving Windows unsecured, the US government's warning on Monday ought to dispel it. Its Exploited Vulnerability (KEV) catalog now includes a Windows vulnerability from 2018. The CISA alert states that "Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for remote code execution and privilege escalation.”
Users have till August 26th to apply updates or stop utilizing Windows-based systems. Neither Windows 11 nor any other Windows system updated in the last six years is affected by this 2018 issue. Still, there's a serious risk with Windows 10.
The August Cisco Talos report suggesting that a Chinese hacker group connected to the nation's Ministry of State Security might have effectively exploited CVE-2018-0824 as part of an attack on a government research center in Taiwan appears to have served as the impetus for CISA's warning. According to Talos, the center was "probably compromised."
Talos cautions, "APT41 is a dangerous and frequent threat actor that all users and cybersecurity practitioners should be keeping an eye on." "APT41 developed a customized loader to directly inject a proof of concept for CVE-2018-0824, a Microsoft COM for Windows remote code execution vulnerability, into memory to accomplish local privilege escalation... To guard against this vulnerability, users should make sure all Windows systems are up to date with the most recent version.
This is an excellent illustration of why it is a security nightmare to think that hundreds of millions of Windows users may soon reach end-of-support. Users may finally be beginning to pay attention, if not quickly enough or at all. "In July 2024, Windows 11 hit an important milestone: for the first time since its launch in October 2021, the operating system crossed the 30% market share mark," according to a recent report from Windows expert Neowin. Just. With Windows 11 experiencing growth of more than 7% year over year, according to the most recent Statcounter statistics.
But that means that more than twice as many Microsoft Windows users are still not using Windows 11 than those that are. Even now. Three years post-launch.
Except for a Copilot AI-driven boost, Windows 11 is nothing new, and both converts and non-converts are aware of its benefits and drawbacks. Therefore, the question is if this is a trend or a one-time occurrence. You cannot skip down the line chart when you look at Statcounter's Windows 10 chart decline over the past year (above). In a similar vein, Windows 11 growth is, to put it mildly, a simple stroll up a gentle hill.
Therefore, even while there is movement, which is undoubtedly excellent news, the situation appears concerning. Before Windows 11 goes out of support in October 2025, some customers will upgrade to it more quickly. Additionally, some businesses and household users will take advantage of extended paid support when it becomes available. However, millions of customers will also stop using assistance and take the chance. This issue isn't going away, as seen by the numerous headlines that encourage hesitancy (1, 2, 3).
After the events of the last several weeks, with images of blue screens of death appearing everywhere, come October of next year, this might become, at the very least, a hackers' paradise. Another issue that will come into play is dishonest people taking advantage of the unfortunate circumstances and sending out scam after scam to anxious Windows 10 users. Until 2025, expect to see a lot of that.
0 Comments