Self-presentation in interracial setting: Competence downshift by White liberals (pubmed.ncbi.nlm.nih.gov)

1 points by ryandv 1m ago 0 comments

How AI on Microcontrollers Actually Works: The Computation Graph (danielmangum.com)

1 points by hasheddan 1m ago 0 comments

Hiring [Remote] Senior ReactJS Developer

1 points by minhmetadata 3m ago 0 comments

SEO Tool for Small Business (seotic.co)

1 points by zawtin 7m ago 0 comments

Warmer spots within fields have more blooms and more bees, researchers discover (phys.org)

1 points by PaulHoule 8m ago 0 comments

Topographic Neural Networks Help AI See Like a Human (spectrum.ieee.org)

1 points by rbanffy 8m ago 0 comments

The Tandy Corporation, Part 2 (abortretry.fail)

1 points by rbanffy 9m ago 0 comments

We Need AI Systems That Can Govern Themselves (cacm.acm.org)

1 points by rbanffy 9m ago 1 comments

Essential and Accidental Configuration (jfmengels.net)

1 points by todsacerdoti 10m ago 0 comments

My Apple iBook G4 hardware upgrades (sizeof.cat)

1 points by OuterVale 10m ago 0 comments

Every AI Integration Is Held Together with Parsing Logic and Prayer (blog.dottxt.co)

2 points by remilouf 13m ago 0 comments

A job queue in two lines of JavaScript (jameshfisher.com)

1 points by chmaynard 15m ago 0 comments

Image Optimization for Next.js with Imgproxy (imgproxy.net)

1 points by DarthSim 15m ago 0 comments

Univention Corporate Server (en.wikipedia.org)

1 points by doener 16m ago 0 comments

Ad blockers may be showing users more problematic ads, study finds (engineering.nyu.edu)

1 points by XzetaU8 16m ago 0 comments

What is my fuzzer doing? How to get coverage of Rust code (tweedegolf.nl)

1 points by fanf2 16m ago 0 comments

Show HN: Crowdcruit – A Crowd-Sourced Cybersecurity Hiring Platform (crowdcruit.com)

1 points by vagmour 18m ago 1 comments

KDE's native virtual machine manager, Karton, nears stable release (neowin.net)

3 points by bundie 21m ago 0 comments

Show HN: I Built Fluent – macOS AI Writing Assistant (epicbits.net)

1 points by importnil 23m ago 0 comments

Wild Orcas Filmed Offering Gifts of Food to Humans (sciencealert.com)

2 points by ColinWright 26m ago 1 comments

Why Are Blinkers or Turn Signals Called 'Indicators' in England? (slashgear.com)

1 points by Bluestein 26m ago 1 comments

Docker Offload: Local AI Without the Laptop Meltdown (medium.com)

1 points by fossa1 27m ago 0 comments

RFC 9309 – Robots Exclusion Protocol (datatracker.ietf.org)

2 points by tosh 29m ago 0 comments

Show HN: Pit – View PNG/JPG images directly in the terminal (no ASCII art)

2 points by FerkiHN 30m ago 3 comments

Monitoring My Homelab, Simply (b.tuxes.uk)

3 points by Bogdanp 30m ago 0 comments

OpenAI to release web browser in challenge to Google Chrome (cnbc.com)

5 points by kjhughes 33m ago 1 comments

Burkina Faso's only eye doctor for children sees the trauma of play and conflict (apnews.com)

1 points by mooreds 37m ago 0 comments

The Narrowest Definition of Ambition (rawsignal.ca)

1 points by mooreds 39m ago 1 comments

Windows 11 25H2 adds OS debloating tool (patchmypc.com)

2 points by alok-g 39m ago 0 comments

Show HN: Drumtabs – Online drum tablature editor (drumtabs.app)

2 points by VincentCordobes 39m ago 0 comments

Calculator Grow a Garden (calculatorgrowagarden.site)

1 points by ychnlt 41m ago 1 comments

Four arrested over cyber-attacks on M&S, Co-op and Harrods (theguardian.com)

2 points by ndsipa_pomu 41m ago 0 comments

Browser extensions turn nearly 1M browsers into website-scraping bots (arstechnica.com)

1 points by chha 45m ago 0 comments

HRM: 27M parameters, 1000 training samples, no pre-training required (arxiv.org)

1 points by mountainview 46m ago 0 comments

Inymbus (inymbus.com)

1 points by inymbuss 46m ago 0 comments

At last, a use case for AI agents with sky-high ROI: Stealing crypto (theregister.com)

15 points by rntn 47m ago 2 comments

Building Seamless User Journeys: Your Guide to React Onboarding with OnboardJS (onboardjs.com)

1 points by somafet 49m ago 1 comments

Mecha-Hitler, Grok, and why it's so hard to give LLMs the right personality (seangoedecke.com)

1 points by rbanffy 50m ago 0 comments

Monorail: Pioneering $999 PCs from 1996 (dfarq.homeip.net)

2 points by rbanffy 50m ago 0 comments

Quantum battery model achieves theoretical speed limit (phys.org)

1 points by TMEHpodcast 51m ago 0 comments

The AI Bubble Is Real. So Is the AI Revolution – By OMC (omc345.substack.com)

2 points by rbanffy 51m ago 0 comments

Galois field instructions on 2021 CPUs (corsix.org)

1 points by weinzierl 54m ago 0 comments

Ask HN: Do you think GEO will demand fresh training and education?

1 points by swithek 54m ago 0 comments

Check out how live classroom experience can be brought on autopilot

1 points by kp_arch 55m ago 1 comments

floccinaucinihilipilification (en.wiktionary.org)

1 points by weinzierl 56m ago 0 comments

Swiss boffins tease 'fully open' LLM trained on Alps super (theregister.com)

2 points by LorenDB 57m ago 0 comments

Folio: Your Pocket Replacement (savewithfolio.com)

2 points by robin_reala 59m ago 0 comments

Magic .env files built for sharing: Human-first, AI-friendly (varlock.dev)

2 points by mooreds 59m ago 0 comments

Recovering Corrupt Zip Files (construct.net)

3 points by AshleysBrain 59m ago 1 comments

Show HN: Supadex – Mobile Dashboard for Supabase (supadex.app)

1 points by guiolmar 1h ago 0 comments

Unpatchable Vulnerabilities in Windows 10/11: Security Report 2025

4 vinhatson 5 7/9/2025, 6:21:44 PM zenodo.org ↗

Comments (5)

vinhatson · 17h ago

This comprehensive security report investigates unpatchable vulnerabilities in Windows 10 and 11, focusing on systemic flaws that resist traditional patching due to their deep integration into the operating system’s architecture, hardware dependencies, and legacy compatibility require ments. These vulnerabilities, rooted in fundamental design choices and ecosystem constraints, pose significant challenges to securing millions of Windows devices worldwide. The report ex amines three critical vulnerabilities: legacy BIOS/UEFI firmware weaknesses, kernel memory management flaws, and backward compatibility with legacy protocols. It provides a detailed technical analysis, exploitation vectors, detection challenges, and comprehensive mitigation strategies. With Windows 10 approaching its end-of-support deadline in October 2025, these flaws pose heightened risks, necessitating proactive defenses. This report adheres to responsi ble disclosure principles and aims to support Microsoft’s efforts to strengthen Windows security in 2025.

p_ing · 17h ago

Interesting that the report calls out SMBv1 which is disabled by default in Windows 11. I suppose you could have an exploit that triggered SMBv1 optional feature install, but you already have local admin rights at that point.

SMBv1 has effectively been removed for modern clients and thus is not 'unpatchable'.

Encryption is on-by-default with SMBv3, I believe.

So some of these mitigations are already in place. I'm sure the UEFI issues will always persist, that's not a Microsoft issue per se, and I assume the kernel memory management potential vulnerabilities are still present, though the author doesn't offer any concrete proof in the report that these are exploitable as of today.

vinhatson · 16h ago

This is my first public article on security. I have several reports certified by MSRC as unpatchable vulnerabilities. However, from a legal standpoint, I'm not yet clear on the reasonable limits of technical detail for publishing these reports. Therefore, I'm just testing the waters first. I will find a way to gradually publish them from an academic perspective but am currently considering how to avoid legal consequences.

p_ing · 12h ago

Ah yep, follow your NDAs/refer to a lawyer.

Good luck, I like the report format! Hopefully we hear from you again on the truly nasty vulnerabilities.

vinhatson · 16h ago

Thank you