Here we are once more. Previously patched Windows vulnerabilities are now resurfacing. Coincidentally, there is also a significant new warning for at least 400 million users, all of whom must take action to protect their data and PCs from attacks.
It all comes down to timing. The public interest advocacy group PIRG is currently pushing Microsoft to let other users take up the Windows 10 support extension that is already available to schools. The group cautions that Microsoft intends to discontinue support for Windows 10 in a year, which may instantly render up to 400 million computers obsolete. That choice could lead to the largest surge in electronic waste ever recorded, with damaging consequences for consumers and the environment.
Microsoft has granted schools a dispensation ahead of Windows 10’s October 2025 end-of-life (also known as end-of-support) date. PIRG claims that Windows 10 will expire in a year, causing millions of PCs to be junked: “We pushed Microsoft to provide more assistance for schools, and we continue to push for more.” According to the advocacy network, a low- or no-cost rollover of support arrangements for home users is also desired.
According to Microsoft’s new policy, “schools can pay $1 per computer for the first year, $2 for the second year, and $4 for the third year to keep Windows 10 computers in classrooms safe from attacks for three additional years.” Compared with the enterprise extended support options, this is far less expensive. The cost of the extended support that consumers can purchase has not yet been disclosed. PIRG adds: “We are still advocating for the automatic extension of Windows 10’s critical security updates.”
Although landfills are a significant problem, this time bomb has an even more serious security backdrop. Two more warnings have been issued to owners of the 400 million outdated PCs, as well as the 500 million that could upgrade to Windows 11 but have not, to help them recognise the risks they are running and the urgency of acting now.
The serious “downdate” threat, fixed in August, has partially reappeared. Following security researcher Alon Leviev’s August disclosure that a computer could be rolled back so that it is again exposed to threats that had already been patched, Microsoft resolved two vulnerabilities. The Windows Update takeover, which was also reported to Microsoft, has not been patched because it did not cross a clear security boundary, Leviev has now cautioned.
Because physical, administrator-level access to a device is required for exploitation, this is a grey area. “Every vulnerability that arose from going beyond a specified security boundary was fixed by Microsoft,” Leviev told Dark Reading. “Since switching between the administrator and kernel is not regarded as a security boundary, it was not fixed.”
Given previous practice, it is still preferable to have support in place as soon as these vulnerabilities are corrected. The same ought to apply to the Windows Theme vulnerability, which has been reported as a zero-day even though it ought to have been fixed. Although Microsoft recently released a patch (CVE-2024-38030) for the related issue, according to Cybersecurity News, “Acros Security researchers reported that the risk was not entirely mitigated.”
The details of either vulnerability are not the point because, let’s be honest, Windows zero-days have become increasingly common in recent months. The problem is that, in just one year, hundreds of millions of people will no longer be able to rely on automatic, blind-faith support. The Windows environment simply isn’t prepared for that.