This comprehensive security report investigates unpatchable vulnerabilities in Windows 10 and 11, focusing on systemic flaws that resist traditional patching due to their deep integration into the operating system's architecture, hardware dependencies, and legacy compatibility requirements. These vulnerabilities, rooted in fundamental design choices and ecosystem constraints, pose significant challenges to securing millions of Windows devices worldwide. The report examines three critical vulnerability classes: legacy BIOS/UEFI firmware weaknesses, kernel memory management flaws, and backward compatibility with legacy protocols. It provides a detailed technical analysis, exploitation vectors, detection challenges, and comprehensive mitigation strategies. With Windows 10 approaching its end-of-support deadline in October 2025, these flaws carry heightened risk and call for proactive defenses. This report adheres to responsible disclosure principles and aims to support Microsoft's efforts to strengthen Windows security in 2025.
p_ing · 19h ago
Interesting that the report calls out SMBv1, which is disabled by default in Windows 11. I suppose you could have an exploit that triggered SMBv1 optional feature install, but you already have local admin rights at that point.
SMBv1 has effectively been removed for modern clients and thus is not 'unpatchable'.
Encryption is on-by-default with SMBv3, I believe.
So some of these mitigations are already in place. I'm sure the UEFI issues will always persist; that's not a Microsoft issue per se, and I assume the kernel memory management potential vulnerabilities are still present, though the author doesn't offer any concrete proof in the report that these are exploitable as of today.
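The SMB1 and SMB3 points in the comment above are things you can verify on a given host rather than take from the defaults, since imaging, Group Policy or a previous admin may have changed them. The following is an added example (editor's code, not part of the report or the comment) that audits the SMB1 optional feature, the effective SMB server and client settings, and optionally applies the hardening. It assumes the built-in SmbShare and Dism cmdlets (Get-SmbServerConfiguration, Get-WindowsOptionalFeature, and their Set/Disable counterparts) and an elevated PowerShell session; the -Remediate switch and the findings strings are this example's own.

```powershell
# Added example: audit (and optionally harden) SMB1 and SMB signing/encryption
# state on a Windows 10/11 host. Run from an elevated PowerShell session.
# Assumes the built-in SmbShare and Dism modules; '-Remediate' is this script's own switch.
param(
    [switch]$Remediate   # without it the script only reports
)

# 1. SMB1 as a Windows optional feature (covers the client and server components).
#    State is 'Enabled', 'Disabled' or 'DisabledWithPayloadRemoved'.
$features = Get-WindowsOptionalFeature -Online |
    Where-Object FeatureName -like 'SMB1Protocol*' |
    Select-Object FeatureName, State

# 2. Effective SMB server and client settings. Read them instead of trusting
#    defaults: EncryptData is the per-server "encrypt every share" switch,
#    RejectUnencryptedAccess decides whether pre-SMB3 clients may still connect.
$server = Get-SmbServerConfiguration |
    Select-Object EnableSMB1Protocol, EncryptData, RejectUnencryptedAccess,
                  RequireSecuritySignature, EnableSecuritySignature
$client = Get-SmbClientConfiguration |
    Select-Object RequireSecuritySignature, EnableSecuritySignature

# 3. Turn the raw values into findings a reviewer can act on.
$findings = @()
if ($features | Where-Object State -eq 'Enabled') {
    $findings += 'SMB1 optional feature is installed'
}
if ($server.EnableSMB1Protocol)            { $findings += 'SMB server still accepts SMB1' }
if (-not $server.EncryptData)              { $findings += 'SMB server does not encrypt shares by default' }
if (-not $server.RequireSecuritySignature) { $findings += 'SMB server does not require signing' }
if (-not $client.RequireSecuritySignature) { $findings += 'SMB client does not require signing' }

# 4. Optional remediation: stop speaking SMB1, encrypt and sign by default,
#    and remove the optional feature so re-enabling SMB1 takes a deliberate
#    (and auditable) feature install plus a reboot.
if ($Remediate -and $findings) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false `
                               -EncryptData $true `
                               -RejectUnencryptedAccess $true `
                               -RequireSecuritySignature $true -Force
    Set-SmbClientConfiguration -RequireSecuritySignature $true -Force
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
}

# 5. Emit the audit result as an object so it can be exported or compared across hosts.
[pscustomobject]@{
    ComputerName = $env:COMPUTERNAME
    Smb1Features = $features
    Server       = $server
    Client       = $client
    Findings     = $findings
}
```

Run it without arguments first and look at Findings; run it with -Remediate only after checking who still talks to the host, because EncryptData plus RejectUnencryptedAccess refuses any client that cannot negotiate SMB 3.x encryption (older NAS appliances, printers, SMB 2.x-only stacks). The feature removal is the part that actually shrinks attack surface: with the binaries gone, an attacker who already holds local admin still has to pull the payload back in and reboot, which is far noisier than flipping a registry value.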
vinhatson · 19h ago
This is my first public article on security. I have several reports certified by MSRC as unpatchable vulnerabilities. However, from a legal standpoint, I'm not yet clear on the reasonable limits of technical detail for publishing these reports. Therefore, I'm just testing the waters first. I will find a way to gradually publish them from an academic perspective but am currently considering how to avoid legal consequences.
p_ing · 15h ago
Ah yep, follow your NDAs/refer to a lawyer.
Good luck, I like the report format! Hopefully we hear from you again on the truly nasty vulnerabilities.