Is Microsoft Playing Us?
HTML-код
- Опубликовано: 17 июн 2024
- lmg.gg/secretlablmgclips
Thanks to Secretlab for being the title sponsor of LMG Clips this year! Check out their ergonomic gaming chairs at the link above. Your back will thank you!
Linus and Luke react to an urgent warning to update Windows in response to a Wi-Fi vulnerability, and then wonder whether Microsoft is being sneaky...
Watch the full WAN Show: ruclips.net/user/liveqthqnD65P_0?...
► GET MERCH: lttstore.com
► GET EXCLUSIVE CONTENT ON FLOATPLANE: lmg.gg/lttfloatplane
► SPONSORS, AFFILIATES, AND PARTNERS: lmg.gg/partners
► OUR WAN PODCAST GEAR: lmg.gg/wanset
FOLLOW US ON SOCIAL
---------------------------------------------------
Twitter: / linustech
Facebook: / linustech
Instagram: / linustech
TikTok: / linustech
TikTok (LMG Clips): www.tiktok.com/@_lmgclips_
Twitch: / linustech 
Наука
.. and Microsoft wondered why people were so paranoid about Recall getting hacked.
Recall's already been hacked, it's on github. Just needs to be implemented into malware.
@@hotsauce2446 I wouldn't really call that a hack, though. It's more like just walking into a house with its front door wide open.
@@hotsauce2446honestly it's not really a hack it's just a sqlite data extractor that pulls the data out of the recall database and puts it into folders. People just call it a "hack" for the extra wow factor
@@hotsauce2446 probably some group has added it in their product for sale
@@hotsauce2446 might even has been done already.
I just checked the vulnerability on Microsoft’s site. The fix has been included with this month’s patches. If you have updated Windows after June 11th. You already patched this vulnerability.
Thanks a million! I was a little worried when I couldn't find a new security update to download.
Thanks! Just had the update a couple days ago, so I should be good.
Thank you for the update, I feel a bit better now. I updated my kids' and wife's PC after hearing and reading about this. Then I updated my PC and laptop, so again thanks!
issue is windows updates are a pain they require restarting the computer...unlike a certain other OS which all you have to do is update it and it does so in the background, log off...there it's updated
@@silverscalederg8632forgive me as I’m still fairly newish I guess to pc stuff but how is restarting the system a pain?
Semi-related: I'm thinking when W10 goes EoL I'm going to switch to Linux. I don't want to run W11, but couldn't anyway since my h/w isn't supported. So I have no choice. Another LTT Linux series could be good nearer that time to help those of us out picking a distro coming from W10.
One of us. One of us. One of us!
I think you need to realize that you have agency. You can make your own decisions. You can pick a distro, without some RUclipsr telling you which one you're supposed to pick.
My suggestion is to settle for a popular one. Lots of online help that you don't have to interpret in the "What does this mean in my setup's terms?" kinda way.
Don't use Arch as your first distro. I didn't either. Arch is a destination, not a gateway.
That being said, in my opinion, Arch is the best distro out there, and since two years, I can say that I use Arch btw :)
It's too bad i have too many things that won't work on Linux. I'll just live while conscious of the vulnerabilities and move all my important things to Linux or Mac.
Made the switch last year. Been gaming with zero issues, including streaming to basically every TV ins my house. I rarely touch the terminal, and find it annoying if I have to.
What do you need that doesn't work? Linux would 10000% surprise you.
So we need to update all our machines..... to Ubuntu.
Thanks Microsoft for letting us know
no thanks... Linux is better, but I'm not running anything Ubuntu based
I am seriously considering moving to Mint. The only thing stopping me is the fact that i must still use Windows on my company laptop
@@viv12348 Why would your company laptop being stuck with Windows stop you from moving your own machine(s)?
Linux? Yes.
Ubuntu or Red Hat or anything thats a Red Hat fork like Fedora? no.
Tried that. It's going terribly
What if I put blinds on my windows will that protect my privacy ?
good one
paint it with musou black instead......
I heard just closing your windows stops people from crawling in.
Yes
only if the interior of the blinds is covered in foil
I'm about to upgrade to Linux Mint! Thanks Microsoft
Been using Mint Cinnamon edition for over a month now. Apart from small boot error message (BIOS needs updating) which still allows to load the system - everything else works like a charm. Truly painless experience.
@@terrorbilly1there's tons of problems but you choose to ignore them
No one cares that you play with toys
@@casparhughey5651 Tones of problems for sure. Like the one that it comes with all the necessary software I need pre-installed? Or maybe that it automatically detected (and connected) my terrible hp printer that I had numerous issues trying to connect wirelessly using Win10? Are those the problems you’re talking about?
@@terrorbilly1 don't bother opening your mouth if you're just going to lie
Strange: just when the news begins to circulate that there are 3 times as many Win10 users as Win11 and the share even increases, an emergency emerges that "urges" everyone to upgrade.
How serendipitous.
Win10 is innately insecure, which is why a lot of hardware won't run Win11...
@@blairhoughton7918 Windows 11 is as safe as a tennis racket is useful to protect from the rain.
The title and the info is a bit lacking - if you have all updates of Windows 10 until the 15th of June the bug is removed. No need to use W11.
@@blairhoughton7918 Windows 11 is more insecure than any system before it, just because it stops you from making it real secure. TPM and safe boot isn't secure. It's just another method to control you. In older windows systems you had control over what the system did, because as an administartor you could control everything. But it was a problem too with the uneducated administrators, because it is easy to make errors. Now windows tries to patronize even administrators. I worked in a bank and we had encryption cards in our systems using a high level hardware encryption, many times faster and better than TPM 2.0 and the cards have additional security like destroying disks when Starting outside the banks network - enabling TPM stops these cards from working. You can't install Win11 without secure boot and TPM would have made our high end cards worthless. Now the first systems run under Linux and the desktop used looks the same to the employees. In that case Windows 11 will MS cost hundreds of license keys because it makes the system not secure anymore....
The general problem with windows is that there is no clear difference anymore between a windows system at home and a windows system in a business. Everybody thought they could administrate a company network, because it looked like the PC at home and made big errors and left the business PC's vulnerable. Companies wouldn't spent money on professionals because 'my nephew told me he can do that' and that often left networks wide open like a barn door. And user install their little programs they use at home on systems at work, because admins did not know they had to close that option or user activate options in windows because they work so good at home but will crash the work system. And that is why MS now patronizes people and do not let you do with your PC what you want to, because they think they know better, even if they do not.
In most cases the problem for a system being not secure is between the keyboard and the back of the office chair and not in the OS or hardware.
i feel like the win11 users are forced to. the only reason i use win11 is because my work made us update
This zero interaction vulnerability sounds like an intentional backdoor (for an intelligence agency for example). In any case, people should upgrade as fast as possible. Again highly secure locations, like aerospace development etc should not use wifi.
They don't. Not for work stuff.
The real intentional backdoors are probably at CPU level and you will never hear about them unless someone reverse engineers Intel's CPUs
Both Intel and AMD have backdoor processors on your processor that you don't run and run arbitrary code
That's what Libreboot and other related projects are about
As for WiFi, it's a good fallback sadly, an always-on VPN protects against some things (just not this)
Stop the baseless conspiracy theories already. If it truly was an intended backdoor they would never publicize it.
No it sounds like an intentional backdoor for recall users, that's why I don't trust Microsoft at all.
Wi-Fi is possible on Windows 95; what happens is that the hardware manufacturer has an app to connect to the AP.
Yes, you just need a wi-fi card with win9x drivers available.
This is why clueless people shouldn't be talking about tech. The only thing you need to put wireless on any computer is a driver. Hell they did it for commodore 64
@@casparhughey5651 With just the driver you would only be able to connect to unsecured wireless networks. I remember helping a customer with a Windows 2000 computer and no optical drive & at the time the software for the wireless networking hardware I supported was only available on a CD-ROM & wasn't put online until several months later. We were able to connect the laptop to an unsecured wireless network though. That means no WEP as this was well before even WPA was released.
Dial up 3KB/s ,and AOL.
Getting a real familiar feeling from what we were told when they wanted us to "upgrade" from W7.
I mean it was patched for W10 and W11 so it's probably a good time for those somehow stuck in W8.1 or 7 to upgrade.
@claudiobizama5603 No sympathy for anyone running windows 7. I hate Microsoft. But they are not wrong for pressuring those morons.
Our hospitals keep getting hit with ransomware. Should we upgrade our infrastructure? no
@@claudiobizama5603 Still happily running Win7 on many systems at home and at the office. It just works better. Of course, I firewall the heck out of it, but it does everything WIn10/Win11 doesn't. It doesn't crash. It doesn't force updates. It doesn't spy.
This isn't a pattern, this is just how the world works. Unsupported stuff is more dangerous to use, and the best advice will always be to move to a supported platform or figure it out yourself.
@@NottJoeyOfficial 😂😂😂
Why all of a sudden is Microsoft so eager to finally try to kill off something old to bring in something new? Windows still feels like 50% of its components are leftovers from Windows 3.1 that should be been left in the garbage.
Modern Windows problems is more due to how much they have been needlessly rewriting things, breaking functionality while ignoring things that actually need to be improved. Take the taskbar in Win11 for instance, it seems to have been completely rewritten but why? The old taskbar worked just fine and had way more functionality. Meanwhile network file sharing is still just as much of a buggy, confusing mess as it was in Win7.
At least windows 3.1 wasn't a bloated corpse. Space was at a very limited premium, every megabyte counted.
that the reason windows is still widely used, supports for old software and legacy systems
That's how I feel when I try to use MacOS
The biggest reason is to get integrated DRM started on all computers/media devices to fight "piracy".... Eventually it will check every file you access to see if you own it or not.
I wonder how many of those cheap 3rd party ATM machines you see in corner stores/coffee shops that charge a $5 fee have not gotten this update. Also, I wonder how many of those are still running some form of Windows XP because "if it aint broke don't fix it"
i've never seen an ATM with WiFi
@@SintaxBSD Honestly, this was mainly a guess on my part as some ATMs (not sure if it is most, all, or just a small percentage of them) are just PCs. I've on more than on occasion walked up to am ATM only to see a windows desktop as whatever application was running had crashed. Though, a quick google search appears to show that Wifi is an option for some ATMs, they have to communicate to the banking network somehow.
Fine Microsoft, I will upgrade my system to Linux. Thank you for convincing me to make the switch
You know you could always just use Microsoft Linux.
@@SintaxBSDlol smh...
@@DMS_6482 don't sleep on it... It's what runs Azure ;)
No one will miss you, and no one will care
Just casually disabling my WiFi Card in Device Manager, don't mind me
In bios for me. I already had it off for other reasons.
@NicoleMay316 hell, I may pull it out of the PCIE slot altogether, at this rate. It's not like I use it
Weak... I canceled the electricity supply to my house. Now, no one can attack my Wifi, hah!
My son can’t even get file sharing between two windows machine on the same network to work. And here it is supposed to be a simple thing to actually run software through the WiFi?!! Without being on the WiFi?!!
windows to windows file sharing is a pain in the ass at the best of times. To allow full access to a machine via the wifi beggars belief.
You need password on 'host' machine to share data over network or else it does not work silently.
Also you could write \\computer_ip in Win+R window to connect over LAN SMB to pc without waiting your pc to "discover" other pc (which does not work sometimes) (still need password to work even though password requirement can be disabled, but without password it still doesn't work lul)
Just tell him to reverse shell to share files. That usually works better than LAN sharing. I gave up and just use Dropbox.
When I saw the title and the thumbnail I thought this was going to be a Microsoft tricking people using the fear of a vulnerability to trick people into downloading the windows recall copilot update
i think microsoft would do that
Is that not what this already is?
It is though
I don't use wi-fi on my computers fortunately. All of them are hardwired.
It can still impact you if your computer support wifi discovery, as this vulnerability is on the mechanism of windows to find a wifi network that it could be able to connect to
@@yizhu463 No wi-fi on any of my computers. I avoid that. I would have to add a pcie card or dongle.
Unfortunately my motherboard comes with built in wifi...I wonder if I can disable it?
Same, I specifically go for no WiFi Motherboards every time.
@@dragon_nammiMaybe remove the external wifi antenna, remove wifi driver from windows or smth?
Or just put your mobo in a faraday cage 😂
I've been using Linux as my daily driver for the past 15 years. Seeing this latest security blunder by Microsoft pretty much confirms where they were headed the past several years....to the toilet.
more like the septic tank....
Windows OutHouse®
Okay. and how many have cared?
Yeah I'm just not using microsoft anymore in general. linux will be my next OS.
I want to keep Windows around in case there’s any apps/games that absolutely require it, but I’ve bought a tiny USB drive to install Linux on, which will become my usual OS.
That's not a good idea. Usb drives really aren't good for hosting an OS for everyday use.
You can get a ssd to usb adapter if you dont have space on your motherboard for another ssd.
Also the compatability would surprise you. You don't realize how good it is until you try it
I used to have a USB SSD enclosure velcroed to the lid of my laptop to boot from. You can also run a vm for that legacy windows app.
@@user-in2cs1vp6o this is for my laptop, I’m kinda limited in storage options. I don’t wanna mess around with repartitioning the internal SSD. I know compatibility is great for a lot of stuff, but there are exceptions.
@@DissociatedWomenIncorporateduse Boxes or some other Linux VM to run your Windows in. You can set it up so Windows doesn't even know it's a VM on your Linux hypervisor
1. Design a feature that allows secretive access to a user's PC.
2. Implement it so that it's easily explained as a bug.
3. Use it to keep the TLA's off your back or to force mass upgrades in the future.
4. Profit!!!
1:03 Minutes in: i made wifi work on miniature MS-DOS Computers/Terminals mounted on forklifts racing around a warehouse and scanning stuff LIVE into a Database in the backend back in 2001. ( I know DOS was outdated then already :D but it was only used to launch a terminal session into a mainframe)
Windows XP was the first version of Windows to have native support for wireless networks. For older versions of Windows, you needed to use third-party software to configure WPS or WPA on them.
I really wish there was a real competitor for windows that supported software i need for school and was possible to game on
Well, did my final years on engineering on Linux and still game on it. What do you need for school that isn't supported yet?
@@hugofontes5708 i havent looked super hard but i dont think they have revit for architecture. I can use autocad but revit is so nice.
Pop!_OS is damn good. What type of school are you at?
@@ThePlayerOfGames im doing a pre architecture program so i can do a masters in it later
CAD software isnt well supported unfortunately... if you need a good windows VM go look up GPU passthrough & looking glass
Wifi on Windows95 ? you can go old school and get Wifi on DOS!
Oldschool is 300 baud modem on a c64
Indeed I've done it many times b4 for those that actually needed it
Though the speeds avail for such I would laugh at a hacker having that level of patience to deal with the ping alone
@@rgreening I was king in the neighborhood, armed with an 8088 PC and a 300 baud modem circa 1992... I also had a Color Computer 3 just before that, with a 300 baud modem (Tandy CoCo3 ) ... It was an accomplishment to use the old bulletin board systems; the phone bill was something else; quite pricey ..
I started out around 1983/84. I also was a SysOp on a local BBS. Those were the days.
this is an 8.8/10 for severity ? HOW is that not higher ?!
Is physical proximity such a limiting factor for it to be "only" 8.8 ?
Because the method used isn't public knowledge and it's not under active exploit. They already have patched the exploit in the June patches. The advice was to patch as per your normal schedule. This exploit was simply something that was discovered likely in a bug bounty or internally, it's NOT a zero day. LTT do not understand cybersecurity and they hyped this nothing burger up. You really need to analyse the actual CVE. Just because it's an 8.8 doesn't mean its an Oh Fuck moment.
@@Sepheron44 Fair enough, I'll admit I'm not too well versed in how things like this work, but thanks for the clarification, makes me curious how bad an actual 10 would be
@@molly_dreemurrThe attack vector needs to be easily accesable. Aka, no proximity needed.
It should be compatible. Affect many systems regardless of OS or architecture.
The attack complexity needs to be low. Anyone can replicate the attack.
It should not require privileges.
It should not require user interaction.
Scope, the attack should give full access.
The reports of the hack should be credible.
It should be hard to patch
The exploit should be mature. People have had time to work out kinks and bugs.
It should have a large impact.
So.... It needs to be pretty bad
@@molly_dreemurr Something like admin level acces to everything on your computer without you even knowing about it and the ability to lock you out. everything includes your bank accounts
@@molly_dreemurr10 would be like network wide damage on everything
I wonder if Xbox is vulnerable...
anything windows with wifi is.
I installed Linux (Bazzite to be exact) last week and couldn't be happier. Everything runs out of the box.
Fantastic os
What about games?
@@SahilP2648 As far as I can tell so far, I don't have any issues with gaming. My Steam games all run out of the box - you just have to activate Steam Play for all games in the Steam compatibility settings. Games from Epic, GOG etc. also run smoothly via Heroic Games Launcher (or Lutris). To be absolutely honest, gaming on Linux is incredibly easy. I was a bit worried myself before I made the switch and gave it more thought than necessary, but everything is working flawlessly.
Just google "protondb" and "areweanticheatyet" for databases of games running on Linux.
@@SahilP2648 linux can run about any game with proton as long as it does not have anticheat
@@SahilP2648 For whatever reason, my reply gets shadowbanned every time. So short answer: I don't have any issues with gaming, as far as I can tell. My Steam games all run out of the box - you just have to activate Steam Play for all games in the Steam compatibility settings. Games from Epic, GOG etc. also run smoothly via Heroic Games Launcher (or Lutris). To be absolutely honest, gaming on Linux is incredibly easy. I was a bit worried myself before I made the switch and gave it more thought than necessary, but everything is working flawlessly.
Someone away from home pc rn, if it's disconnected from power do I have to worry? I always unplug when leaving for extended periods of time. Also, I have no knowledge if I got the most recent update before leaving.
If it's completely unplugged and somewhere that nobody is going to break into, you're fine.
Windows is the ones that developed this hack and it got out. So now they report it as bad
wouldnt doubt that tbh
It is almost like Microsoft wants users to upgrade to Linux
I mean, it's bad but I'll give it to them on this one, they patched it (still bad)
The utterly enormous reason i will be doing everything i can to switch to linux is because of windows. My confidence grows the more they eff win11 and the more i see other people switching to Linux and claiming to in the future.
They want all the 7 and 8 users gone.
In their defense, they patched it quickly and announced the flaw. Vulnerabilities will happen on all OSes. However the real issue with windows and justification for switching to Linux is things like advertising IDs and Microsoft accounts. Let's not even talk about recall.
a easy fix move to Linux , But I'm all hard wired for all my windows PCs are all hardwired, the only WiFi computer are IOT devices , printers , camera , etc , which are all vlan-ed and firewall to stop them getting anywhere they should not be.
you are AMAZING! A+++!
how close is close proximity 3meters 2 or needs to be like old days or ir the device almost kissing each other?
Yep maybe like 10meters - 15meters.
0:07 "that has got all users being warned too-" *samsung ringtone*
They're recalling stuff like Teamviewer did on Linus
how the f do you suddenly introduce that bug/feature
It wasn't just introduced. A vulnerability was discovered by a 3rd party researcher and reported to Microsoft.
The backbone of windows 10 and 11 comes from NT 6, a version of Windows server from like 15 - 20 years ago
Windows is LITERALLY built on garbage on top of garbage
Good thing i don't have wifi on my computer.
Do you have WiFi on any windows machine connected to the same network as your adorementioned computer?
I would love it if someone made idiot proof Windows like OS for air gap systems, called *"Shutters..."*
WiFi on Windows 95 absolutely does work! Back in 1997, the executives of my company all had laptops equipped with at the time, $10K per Proxim PCMCIA RangeLan2 WiFi cards so that they could connect wirelessly both at the office and at their home to work to Proxim access points installed there. The executive's homes were also ADSL WAN connected back to the office for both systems and Internet access. It was a VERY nice, although very expensive option at the time that reflected what was to come for everyone else.
What is that headphone you both are using? Is it "Beyerdynamic" which model is it?
Looks like Audio Technica ATH M50x with custom earpads to me. Very solid headphones especially if you consider the price to quality metric. They sound good are well-built, can be serviced, parts are somewhat replaceable, and won't cost you your arm and leg.
@@MrGreenAKAguci00 Awesome
My PC doesn't have Wifi inside the machine. The wifi router on top of my pc is connected by ethernet cable.
Do this vulnerability works in same way?
no you need wifi for this to work, and microsoft already patched this issue as long as you aree updated you are safe, but the problem is it was patched 11 jun 2024, who knows how muc this was abused earlier?
1 only if another PC with inputted unpatched Windows connected to your router, got hacked, and then was used to spread malware over the network
2. If your router is an Asus or TP-LINK then update it immediately
@@gabrielandy9272 possibly 10 years, if it affects unsupported versions it could have been around since win 7 or xp
@@jasonmullinder People exploited it years ago. I thought it was patched out.
Guess not.
But proximity can mean up to ~300m realistically depending on the environment. (at about 1km the signal travel time becomes to high and wifi drivers drop the packages. So this requires modified systems on both sides)
Okay, thinking through this, in suburbs made of cardboard 500m might be realistic.
I was thinking of stone and concrete buildings where you need advantageous geography to even get the previously mentioned numbers.
I know you can get DOS onto wifi
You can get a C64 on wifi
It's just to force you to update and get garbage you don't need loaded alongside.
Still not updating to w11
Correction DOWNgrading to w11
fax
what microphones are you using there gents ?
Looks like the ElectroVoice RE-20
@@vertedintro thank you
Everytime there is a windows update, it isn't to fix the bugs they created in the first place. Its to upload all your stuff they've neatly stolen and packaged on your PC back to their server or to install more malware in case RECALL isnt ready for prime time yet.
my PC is hardwired directly into the ISP modem and it has no dongles or antennas whatsoever for wifi. so meh
I wonder if a plug and play dongle could suddenly make you vulnerable
@@hugofontes5708situationally yes, your version of windows could be processing the service frames which this CVE works via
@@hugofontes5708 Yes it does!
Physical proximity is not needed for wifi access with a directional antenna you can connect from very far away as far as 10~20km is possible with no special equipment just a very good highly directional antenna.
The saddest part is that I'm equally divided on thinking this threat 1) Doesn't exist. 2) Exists and an outside attacker is doing it, and 3) Exists and it's an inside scare tactic to get us to install spyware from a major corporation.
I used a PCMCIA WiFi card on windows 95 on a laptop. It is quite janky and you have to delve into the wierd config menus to set it up. But it works well
And if someone totally remotely manipulates a compromised router to broadcast this to every wifi-enabled Windows system within it's range? That magically becomes a 10/10 imo..
I don't know anything about linux but maybe it's time to start looking into it, wasn't there something with steam making something specifically for game compatibility on linux ?
Meanwhile win11 share shrinks yet again and win7 will get a fix for this soon enough
Why use wifi ? Use wire connection. It's faster
"We told you it wasn't supported." I want them to patch XP forever! Damn Microsoft.
But does the device need a wifi connection to be vulnerable? My wired PC is fine, right?
This type of vulnerability has existed for many years on cellphones as "Pegasus".
This seems like it's a PC version that is also created by a government.
linux user here, thanks for confirming my good decision to switch back when windows7 ended.
They’ve had A LOT of other high scoring CVEs over the last few weeks too. Something is going on at that company that needs correction asap.
I remember not getting an answer when I asked in the stream. Thanks for getting around to it. Sucked for people who use wifi in their Windows devices, I guess, maybe.
The box said Windows or better required, so I installed Linux .... ;-)
nobody cares.
why didn't you listen to the box
@@angelG14 i do
but which one for real
@@kender- the box
I'd push that update IF YOUR LAST SECURITY UPDATE DIDNT BREAK MY RECOVERY DRIVE
I guess my local hospital is screwed then, as they're still using Windows 7.
I accidentally discovered a way to block windows updates forever - simply dual-boot windows 10 and ubuntu on a dell laptop. Every time I start windows, it throws a tantrum because something else (grub) ran between shutdown and startup, and it won't even attempt to install any updates.
I haven't received any windows security patches in over a year. I just find it amusing.
That's an interesting note, I don't get that with systemd-boot+W11 (then again I only boot in once a year to run updates)
I used to dualboot win11 and arch then I got bored and nuked my windows partition a year or so back because yes.
You can imprison Windows inside a VM under Linux with GPU passthrough btw
Hmm.. There's a strange person in a car going up and down my street and they appear to be aiming and fiddling with some sort of electronic device at random homes...
I have a feeling that mcirosoft intentionally introduces attack vectors when they don't get their way. they probably aren't but makes ya think about the timing around recall and junk.
I'm quickly approaching the point where the hassle of running stuff not available on Linux in a vm under Linux is easier than dealing with windows...
And i don't know Linux.
You can connect to the internet using FreeDos/CPM (there are actually text based browsers that still work to an extent. Drivers might be an issue, though, so you'd likely have to scavenge an old NIC card like the Intel 10/100.
There's also some BBS's still around that have dial up connections, too, if you can't figure out ethernet.
Found out recently "secure folders" on android phones can be breached by cell carriers without any indication, all though it appears to be a bug.
Me without a wifi card: “Oh no! Anyway…”
Now I need to find the clip where Linus got wrecked by Windows ads.
Thankfully in my place every windows computer is connected via Ethernet cable.
No known exploits or code is in the wild just yet, so it's more of an internal disclosure rather than something actively being used widespread (outside of the usual intelligence agencies etc). Still good advice to update asap!
Maybe update to a more intrinsically secure OS.
@@malcaniscsm5184 why not update to not using a digital device at all
Keep in mind, the latest Windows update will put recall on your system. Make sure to turn it off in the settings, I can confirm you don't need a co-pilot PC for that feature, despite what they say. Is this a coincidence? Hmmm
So what is it? Dont update because MS snapshot has access to your data? Update because MS put a backdoor into your computer that's vulnerable if you didnt update to the snapshot system?
I think they're talking about a security update, not upgrading w10 to w11. However, at some point in the future they will be.
@@BoraHorzaGobuchul I have 11, I'm at an impasse of deciding to stay on 11 or switching to linux
@@elijahaitaok8624 on my pcs where it's 11 (the newer notebooks), it stays there until they start pushing their ai/recall stuff or similar garbage aggressively. Then it's Linux mint or some such
I file this under 'one more reason to not use wifi'
And this is why I use Linux, I always hold off on any updates with what I know truly to work, to be sure that newer stuff isn't buggy like what happened with xz... Even Microsoft's "up-streaming" isn't good, quite literally they're bad at it.
Nah. I started developing stuff recently. Leave a website plugin out of date for a week? Bam my website now has malware redirecting the users.
Fun. None of us use Wifi other than on our phones. So it's not applicable to me.
Is that another win for using lan cables instead of wifi?
So, this is a direct wifi attached to pc hack, not a router thing?
Ok but WIFi encryption is secure still? Secured home networks are a ok?
To fix all the bad things about windows 11 you can use your old laptop or computer and install windows server 2022 on it, setup active directory and create some simple policies. By default active directiry disables those ads and all the Gaming features, and generaly debloats your computer. Then let all the computers on the network join the domain and done you can use it normally + you can create a small net share on that server as well
[Smugly looking over at my ethernet cable]
Windows threatened this way to update these kind of update to promote there branding including some there beneficial features beware of these
*sips tea* can't have Wi-Fi hacked if your desktop doesn't have Wi-Fi
See i actually like *some* parts of windows, just familiarity. But i hate their privacy nonsense. I've used multiple flavors of linux before and i'm tech savvy, but honestly i'm not on my desktop much, its alot of work to switch.
Partitions are sooooooo annnoyyyying too, and alot of that is because windows of course. Pretty soon i tried Atlas OS and that works sooo much better for me, linux isn't perfect nor is atlas but the option is nice.
Atlas isn't perfect nor is linux but hey maybe i'll try to upgrade to an arc GPU and try linux again because the things i do nowadays should work, idk about audio drivers though because that and compatibility with ableton are kind of important to me hahaha
You guys should invite Low Level Learning into the Podcast whenever security vulnerabilities like this happen. He is amazing at making these super complicated attacks understandable for the average tech.
The only reason this was an 8.8 and not higher is because the attacker would need to be in wifi range.
join us now and share the software
My W11 isn't taking updates for ages
Is there even a surprise? That's what CVEs are for!
And that's why you should update your devices, it doesn't matter if it has Windows, macOS, Linux, Android, iOS, or whatever.
Escort carriers?
@@salohcin1000Common Vulnerabilities and Exposures. It's the categorization system used when grading vulnerabilities.
Yes, it's the fact that a major vulnerability does not need an account or interaction by the user to run arbitrary code, and can't be mitigated is pretty unusual. It sounds like something someone leaves there for the intelligence agencies, the police or to spy on his/her significant other.
But see the problem is that with every update they introduce more spyware, like it was super sad because my phone did a software update, and now sometimes it takes 3 seconds for the screen to turn on, sometimes 1, but before i'm pretty sure it turned on instantly. Which i wouldn't care about except it was fine before.
I'd like to use a password generator and a vpn, but well... I don't trust them right? We'd all like to be more secure, but whenever they make money off of selling our names and numbers then does anything else *really* matter. Of course it does to some people, like at some point i'll have the need and time and money to not be so bad with secuity but y'know just i wish updates werent aweful. Linux was usually actually helpful tho
Good thing i got desktops with no wifi adapters
1:50 damn.
I don't see how this isn't like a 9.5 or something. It allows a single infected computer to take over an entire network, and seemingly gain privileges that would otherwise be impossible to get (at least based off what they were saying with no user authentication or such. Or is Windows Server not effected or something? because the way it sounds is that one could get all admin privileges and all server privileges as long as the machine is running Windows.
edit: I guess it might be lower severity rating if most workstations and desktops and servers and such don't use Wi-Fi. But maybe more computers use it than I think.
I've never been more glad I saw this coming years ago and told msft to fuck off. Love my linux rig and runs all my games just fine. Ubuntu Studio with RTK and LACT.
Hot take: Microsoft introduced this vulnerability on purpose, so they could later patch it while introducing unpopular additional features.
Microsoft probably launches the attacks in the first place. Problem-solution. They have to do something to push people to update as no-one wants to give up Windows 10 as Windows 11 is so poxy.
Windows 11 is actually pretty good if you use StartAllBack to make it look like Windows 10.
No physical proximity is needed, only control over the WiFi Router and most of them are security fails on their own, some out of the box!
This issue with MSMQ goes back to 2014 or earlier with recommendation to stop the service and close 1801. The ONLY Windows platform where MSMQ should be running is on a dedicated Exchange server in a deep server environment with no WIFI. As for not currrently supported, just disable MSMQ - poof - problem solved.
This had to be used in public by governments, just never got caught being used its even wormable.
Something fundamental and critical like this should be open source so people can check and patch it rather than sitting on the bug for decades silently
Well, open source is not a silver bullet. There's just not going to be a sufficient number of people who check all the stuff all the time. With all the dependencies it's just not real.
@@BoraHorzaGobuchul amazing username collision here.
This isn't really inline with how OS stuff is used, when it's open source and used by corps it's checked as much by singleton enthusiasts as corporate auditors
If OS stuff was largely ignored and filled will vulnerabilities then the entire skeleton and muscles of the Internet would fall apart. In reality the OS parts are some of the most reliable and thoroughly examined whilst the proprietary parts are the ones resulting in a billion customer records leaked in a data breach even after an insider whistleblower told them the exact problem
@@ThePlayerOfGames nice meeting you too :)
Still, as the recent case with npm demonstrates, the process is far from bulletproof