Microsoft Update Warning—70% Of All Windows Users Now At Risk (2024)

Updated August 6 with new key-logging warnings for Windows users.

This has not been a good few weeks for Microsoft. Fresh from the Recall recoil, CrowdStrike struck, with various ups and downs with Copilot momentum in between. But the constant throughout has been an impending security nightmare for the vast majority of its Windows users, now just months away.

We’re talking Windows 10, of course, and the staggeringly painful campaign to warn hundreds of millions of holdouts that they need to upgrade to Windows 11. Back in June, I reported on the latest Microsoft nag—a full-screen warning that “end of support for Windows arrives on October 14, 2025; this means your desktop won’t receive technical support or security updates after that date.”


If there was any doubt as to the real danger in leaving Windows unprotected, then Monday’s US government warning should quickly change minds. A 2018 Windows vulnerability has been added to its Known Exploited Vulnerabilities (KEV) catalog. “Microsoft COM for Windows,” CISA warns, “contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution.”

Users have been given until August 26 to patch or cease using Windows systems. Clearly, this 2018 vulnerability does not impact Windows 11, nor any other Windows system updated in the last six years. The Windows 10 risk, though, is real.


The prompt for CISA’s warning appears to be an August Cisco Talos report claiming that a Chinese hacking group with links to the country’s Ministry of State Security may have successfully exploited CVE-2018-0824 as part of an attack on a government research center in Taiwan. The center was “likely compromised,” Talos says.

“APT41 is a prolific and dangerous threat actor that all users and cybersecurity practitioners should be keeping track of,” Talos warns. “APT41 created a tailored loader to inject a proof of concept for CVE-2018-0824, a remote code execution vulnerability in Microsoft COM for Windows, directly into memory to achieve local privilege escalation… Users should ensure all Windows systems are up to date to the latest version to protect against this vulnerability.”

If CVE-2018-0824 and APT41 all sound a bit niche and unlikely to target your own Windows PC at home, then SnakeKeylogger is quite the opposite. The Register warns that “criminals are preying on Windows users yet again, this time in an effort to hit them with a keylogger that can also steal credentials and take screenshots.”

“Its arsenal includes keystroke logging, harvesting credentials, and capturing screenshots,” Fortinet’s security research team warned this month of the SnakeKeyLogger trojan threat to Windows users. “Based on the FortiGuard telemetry, there were hundreds of 0-day detection hits. Moreover, the sites that the trojan connects to were queried several times which suggests infection.”

While this hasn’t surfaced into a full-scale zero-day warning as yet (it is more variations on a theme), it’s yet another reminder as to potential Windows vulnerabilities if the OS is not tightly managed. SnakeKeylogger targets users by way of malicious downloads, shared over email through phishing campaigns.

Back in 2022, Check Point Research warned that SnakeKeyLogger “is usually spread through emails that include docx or xlsx attachments with malicious macros, however this month researchers reported that SnakeKeylogger has been spread via PDF files.” Users are advised to maintain good antivirus software and attachment scanning, as well as to beware the attachments they download and open to keep safe.

Putting aside CVE-2018-0824 being woken from the dead and the much more current SnakeKeyLogger RAT, the real challenge for many Windows 10 users is more one of hardware than the softer UI side of their Windows OS. If their machines are not suitable for Windows 11, as many are not, then they find themselves in an upgrade trap, having to buy new hardware for no ostensibly good reason other than Windows 10 coming off support. This becomes a resentful purchase to say the least.

But we are where we are. Windows hasn’t changed its stripes, and nor has Microsoft’s approach. The threats disclosed this week are serious in themselves, but they’re also further good examples as to why the prospect of hundreds of millions of Windows users heading towards end-of-support is a security nightmare.

Maybe, just maybe, users are now starting to listen—albeit not enough, not nearly fast enough. As Windows specialist Neowin has just reported, “in July 2024, Windows 11 hit an important milestone: for the first time since its launch in October 2021, the operating system crossed the 30% market share mark.” Just. With the latest stats from Statcounter showing better than 7% year-over-year growth for Windows 11.

But that means that more than twice as many Microsoft Windows users are still not using Windows 11 than those that are. Even now. Three years post-launch.

Windows 11 isn’t at all new, and all those converts and non-converts know its pros and cons; so setting aside a Copilot AI-driven boost, the question is whether this is a trend or a blip. Certainly, when you look at Statcounter’s Windows 10 chart decline over the last year (above), the line chart is not something you could ski down. Similarly, Windows 11 growth is an easy stroll up a gentle slope, to put it mildly.


And so, while it’s clearly good news that there’s some movement, the reality looks worrying. There will be some accelerated shifting to Windows 11 in the coming months ahead of Windows 10’s October 2025 end-of-life, and there will be some companies and home users (when it’s available) taking up extended paid support. But there will also be many millions of users coming off support and taking the risk. With plenty of headlines fueling the reluctance, this problem isn’t going away.

Take a look at Reddit or even the comments to this article and you’ll see the large body of Windows user opinion that is waiting for Microsoft to pull a late rabbit from the hat and extend Windows 10 support. Quite how that will land with all those who have made the investment to upgrade remains to be seen.

Given the experience of recent weeks, with those global images of blue screens of death all around, come next October, this could be a hackers’ paradise for some time at least. The other factor that will come into play will be bad actors taking advantage of the bad situation and mailing out scam after scam to target worried Windows 10 users.

Expect to see plenty of that through 2025.


FAQs

Which Windows Update is causing problems? ›

Annoyingly, update KB5034765 caused error messages that appeared to be PC memory-related sending users on wild goose chases when troubleshooting their devices. If you suddenly experience similar problems to those described above, it's worth seeing if the update has been recently installed on your PC.

What would cause Microsoft Windows Update to fail? ›

User intervention or interruptions – If you interrupt the update process, by restarting the computer or shutting it down prematurely, it can cause failures. This also applies to power surges or hardware failures that cause sudden shutdowns. It is crucial to allow the update process to complete.

Does Windows 10 have Microsoft recall? ›

To utilize Recall in a Windows app, the following requirements must be met: Currently available only on the new Copilot+ PC. User Activity is supported in Windows SDK version 10.0.17134.0 (Windows 10, version 1803, Build 17134) or later.

What is the problem with Windows 10 update April 2024? ›

“VPN connections might fail after installing the April 2024 security update,” the company has warned. While the bug also hits Windows Server, it is home and mobile users on desktops and laptops that will likely be the most heavily impacted.

Is there a Windows Update virus? ›

Protect Yourself From the Windows Update Virus

This fake Windows update virus can result in a major compromise of personal data to unsuspecting users. The good news? It's easy to protect yourself. The first thing to remember is that ISO files should only be downloaded directly from the Windows website itself.

How to fix a bad Windows Update? ›

What do I do if Windows update failed?
  1. Run the Windows Update troubleshooter. ...
  2. Repair the Windows system files. ...
  3. Disable the antivirus and third-party programs. ...
  4. Reset the Windows Update service. ...
  5. Manually download and install the updates. ...
  6. Rollback the update. ...
  7. Use the Advanced Boot Options.

How do I fix Microsoft update problems? ›

Troubleshooting checklist
  1. Step 1: Run the diagnostic tool for your version of Windows. ...
  2. Step 2: Restart the computer. ...
  3. Step 3: Install the latest servicing stack update. ...
  4. Step 4: Check for and fix any Windows file corruption. ...
  5. Step 5: Download the update package and try to install the update manually.
Feb 19, 2024

How do I get rid of a Windows Update that is failing? ›

If you've recently installed a Windows update and you are having a problem, here's how to uninstall the update to try to resolve the issue: Select the Start button, then select Settings > Update & Security > Windows Update > View update history > Uninstall updates.

Is Microsoft discontinuing Windows 10? ›

Windows 10 Home and Pro follows the Modern Lifecycle Policy. Windows 10 will reach end of support on October 14, 2025. The current version, 22H2, will be the final version of Windows 10, and all editions will remain in support with monthly security update releases through that date.

Is Microsoft closing Windows 10? ›

Support for Windows 10 will end in October 2025

After 14 October 2025, Microsoft will no longer provide security updates or technical support for Windows 10. Your PC will still work, but we recommend moving to Windows 11.

Will Microsoft really stop supporting Windows 10? ›

After October 14, 2025, Microsoft will no longer provide security updates or technical support for Windows 10.

Is there a problem with Windows 11 update? ›

The June non-security preview update might cause devices to restart repeatedly. After installing updates released June 26, 2024 (KB5039302), some devices might fail to start. Affected systems might restart repeatedly and require recovery operations in order to restore normal use.

What is the Windows 11 update February 2024 issue? ›

Windows 11 devices attempting to install the February 2024 non-security update, released February 29, 2024, might face issues during the update process. The installation might fail when the update's download reaches 96% of completion, and the device might roll back to the previous update installed.

What is the Windows 10 bug 2024? ›

According to the support article The June non-security preview update might cause devices to restart repeatedly, preview update KB5039302 from June 26, 2024 causes some devices to stop booting. Affected systems may restart repeatedly and require recovery operations to restore normal use.


Author: Rubie Ullrich
