0patch

Winsage
February 20, 2025
An ESU subscription allows customers to receive updates automatically through Windows Update, with updates also available for individual download via the Microsoft Update Catalog. Customers can set reminders to check for updates after their release, typically on the second Tuesday of each month. For a more streamlined approach, the third-party service 0patch offers critical security patches for Windows 10 for at least five years after the end-of-support date, costing between and per PC annually. 0patch provides "micropatches" for vulnerabilities discovered after October 14, 2025, which are small and applied to running processes without altering Microsoft's original files. Unauthorized alternatives, like PowerShell activation scripts from the Massgrave hacking collective, allow users to bypass Microsoft's licensing agreements for a free three-year ESU subscription, but using these scripts is illegal and poses significant risks to businesses.
Winsage
February 17, 2025
Microsoft will end support for Windows 10 in October 2025, which will result in the loss of crucial updates and security patches for users. The Extended Security Updates (ESU) program, initially for Windows 7, has been expanded to include Windows 10 home users, allowing a one-year extension for a fee, while business customers can extend support for three years or more. Methods have been discovered that let users bypass the ESU for Windows 7, enabling updates for five years post-support. Preliminary tests suggest a similar bypass may be possible for Windows 10, allowing updates after the official end of support in October 2024, but the legal implications are unclear. Users unable to upgrade to Windows 11 due to hardware requirements must consider options like the ESU program or micro-patching services such as 0patch, which offers security patches for Windows 10 until at least 2030 for an annual fee.
Winsage
February 5, 2025
Microsoft will cease support for Windows 10 in October 2025, meaning new security vulnerabilities will not be patched, increasing exposure to threats. Cybercriminals are expected to target Windows 10, which still has over 60% market share, making it an attractive target. ESET estimates that around 32 million PCs in Germany are still using Windows 10. Users can opt for the Extended Security Updates program for an additional cost, extending updates until October 2026, or use 0Patch for updates until 2030. Windows 10 IoT Enterprise LTSC 2021 will receive updates until 2032, but its use as an office PC is restricted. Users are encouraged to upgrade to Windows 11 where hardware compatibility exists for ongoing security updates and new features.
Winsage
December 17, 2024
The end-of-support date for Windows 10 is October 14, 2025, after which users will not receive any updates, including security fixes. Microsoft will not extend support, and the final version, 22H2, will receive monthly security updates until that date. Users can choose to continue using Windows 10, buy new hardware, transition to a Linux distribution, pay for Extended Security Updates (ESUs), or attempt to upgrade incompatible hardware to Windows 11. ESUs are available at a cost, with pricing increasing over three years. There are methods to upgrade to Windows 11 on incompatible systems, including registry edits and using tools like Rufus.
Winsage
December 10, 2024
Microsoft has issued new guidance to help organizations defend against NTLM relay attacks following the discovery of a zero-day vulnerability affecting all versions of Windows Workstation and Server, from Windows 7 to Windows 11. This vulnerability allows attackers to capture NTLM credentials by tricking users into opening a malicious file. Microsoft has classified the vulnerability as having moderate severity and expects a fix to be rolled out in April. This is the second NTLM credential leak zero-day reported to Microsoft by ACROS Security since October. Microsoft has updated its guidance on enabling Extended Protection for Authentication (EPA) by default on LDAP, AD CS, and Exchange Server to mitigate NTLM-related vulnerabilities.
Winsage
December 10, 2024
A newly identified zero-day vulnerability in Windows allows attackers to steal NTLM credentials through methods such as opening a malicious file in Windows Explorer. This vulnerability affects multiple versions of Windows, including Windows Server 2022, Windows 11 (up to v24H2), Windows 10, Windows 7, and Server 2008 R2. The exploitation requires minimal user interaction, such as accessing shared folders or USB disks. In response, 0patch is providing a complimentary micropatch to registered users until Microsoft issues an official fix. The vulnerability is part of a larger trend of unresolved issues in Windows, and cybersecurity experts emphasize the need for enterprises to adopt robust security measures beyond automated patch management.
Winsage
December 9, 2024
In June 2023, Microsoft announced the deprecation of the NTLM authentication protocol and recommended transitioning to the Windows Negotiate protocol. Security firm 0Patch discovered a new vulnerability in NTLM that allows credential hijacking by merely viewing an infected folder. Patches for Windows 11 are expected soon, but older systems like Windows 7 remain vulnerable. Windows 10 is nearing its end-of-life phase in October 2024, and users may need a paid support plan for continued coverage. 0Patch has not reported any attacks exploiting this NTLM issue in the wild, and their micropatch addresses a specific vulnerable NTLM instruction. However, this patch is unofficial, and users should consider their risk tolerance before installation.
Winsage
December 7, 2024
A zero-day vulnerability has been discovered by researchers at ACROS Security, affecting all versions of Windows from 7 to 11 and Windows Server 2008 R2 and later. This vulnerability targets the Windows NT LAN Manager and allows attackers to obtain a user's NTLM credentials by having the user view a malicious file in Windows Explorer. Currently, there is no official patch from Microsoft. The 0patch platform has released a free "micropatch" for users to protect their systems until an official fix is available.