โพสต์ดั้งเดิมโดย Crazy Tiger:

It's just a matter of preference, OP. Sometimes you like something so much, you intend to keep using it.

Sure, I can understand that. I was a huge fan of Windows 7 back in the day. That does not change the fact it is monolithic security risk as of today and that people cannot expect continued support for something that the developers have no further interest in.

โพสต์ดั้งเดิมโดย Stiletto:

โพสต์ดั้งเดิมโดย Komarimaru:

snip

Please stop personally attacking me just because you hold some sort of grudge.

i think this goes back to you not liking what is put up against your own comments...


as of today... no one from steam or steam customer/s has changed the
current status that requires you to have a supported OS to use your games in 2024...

โพสต์ดั้งเดิมโดย 76561198083019420:

โพสต์ดั้งเดิมโดย Komarimaru:

I'm not attacking you, you're doing everything to yourself thus far.

If you can ever present some actual truth or fact, just once... Then maybe others would listen to you.

yes you are

Ah, yes.... The troll of "Wrong"... By all means, join into the topic with some factual information or items of truth this time, if possible.

โพสต์ดั้งเดิมโดย 76561198083019420:

โพสต์ดั้งเดิมโดย Komarimaru:

I'm not attacking you, you're doing everything to yourself thus far.

If you can ever present some actual truth or fact, just once... Then maybe others would listen to you.

yes you are

Oh, You're still around figured they would have Community Banned you by now.

โพสต์ดั้งเดิมโดย 76561198083019420:

โพสต์ดั้งเดิมโดย .EteRnal.:

Oh, You're still around figured they would have Community Banned you by now.

its ok let all that anger out

you got me im so angry right now /s

In all seriousness do you just have nothing better to do? You never add anything constructive to any post you engage in.

โพสต์ดั้งเดิมโดย .EteRnal.:

โพสต์ดั้งเดิมโดย Zero:

It actually isn't a security nightmare. That's uneducated fearmongering nonsense.

You sure about that? Assuming no ESU license here are some of the security vulnerabilities currently unpatched on Windows 7
"Follana" Remote Code Execution CVE-2022-30190[nvd.nist.gov] CVSS Base Score: 7.8 High
"LDAP RCE" CVE-2022-30141[nvd.nist.gov] CVSS Base Score: 8.1 High
"Remote Procedure Call Runtime RCE" CVE-2022-26809[nvd.nist.gov] CVSS Base Score: 9.8 Critical

How about do some research?

Hello

CVE-2022-30190
Attack Vector Local
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.
/------------------------
CVE-2022-30141
Attack Vector Network

This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable.
/---------------------
CVE 2022 26809
Attack Vector Network
To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.

Interresting and ?

โพสต์ดั้งเดิมโดย bidulless:

โพสต์ดั้งเดิมโดย .EteRnal.:

You sure about that? Assuming no ESU license here are some of the security vulnerabilities currently unpatched on Windows 7
"Follana" Remote Code Execution CVE-2022-30190[nvd.nist.gov] CVSS Base Score: 7.8 High
"LDAP RCE" CVE-2022-30141[nvd.nist.gov] CVSS Base Score: 8.1 High
"Remote Procedure Call Runtime RCE" CVE-2022-26809[nvd.nist.gov] CVSS Base Score: 9.8 Critical

How about do some research?

Hello

CVE-2022-30190
Attack Vector Local
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.
/------------------------
CVE-2022-30141
Attack Vector Network

This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable.
/---------------------
CVE 2022 26809
Attack Vector Network
To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.
Interresting and ?

And what? It tells you right there. No permissions needed, system level access, able to install, change, delete data and create and modify accounts, all without the user knowing.

โพสต์ดั้งเดิมโดย bidulless:

โพสต์ดั้งเดิมโดย .EteRnal.:

You sure about that? Assuming no ESU license here are some of the security vulnerabilities currently unpatched on Windows 7
"Follana" Remote Code Execution CVE-2022-30190[nvd.nist.gov] CVSS Base Score: 7.8 High
"LDAP RCE" CVE-2022-30141[nvd.nist.gov] CVSS Base Score: 8.1 High
"Remote Procedure Call Runtime RCE" CVE-2022-26809[nvd.nist.gov] CVSS Base Score: 9.8 Critical

How about do some research?

Hello

CVE-2022-30190
Attack Vector Local
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.
/------------------------
CVE-2022-30141
Attack Vector Network

This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable.
/---------------------
Attack Vector Network
To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.
Interresting and ?

Hello,

I didn't look very deep into the ones I picked besides Follina so im sure some of them aren't exploitable under normal conditions but I highly recommend anybody interested in the various vulnerabilities of Windows 7 to checkout CVE Details[www.cvedetails.com] NIST has lots of comprehensive information as well.


Edit: Keep in mind some people on Windows 7 might be using ESU which patches up to Jan 2023.

โพสต์ดั้งเดิมโดย .EteRnal.:

โพสต์ดั้งเดิมโดย bidulless:

Hello

CVE-2022-30190
Attack Vector Local
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.
/------------------------
CVE-2022-30141
Attack Vector Network

This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable.
/---------------------
Attack Vector Network
To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.
Interresting and ?

Hello,

I didn't look very deep into the ones I picked so im sure some of them aren't exploitable under normal conditions but I highly recommend anybody interested into the various vulnerabilities of Windows 7 to checkout CVE Details[www.cvedetails.com] NIST has lots of comprehensive information as well.

As someone who gets to check the "sheets" every night for this stuff at work, the list is quite vast, with currently I believe 2 new ones as of last Thursday that are still being investigated and not been properly sent through to be validated. Well over 400 known vulnerabilities for Windows 7 that remain unpatched.

โพสต์ดั้งเดิมโดย Komarimaru:

โพสต์ดั้งเดิมโดย .EteRnal.:

Hello,

I didn't look very deep into the ones I picked so im sure some of them aren't exploitable under normal conditions but I highly recommend anybody interested into the various vulnerabilities of Windows 7 to checkout CVE Details[www.cvedetails.com] NIST has lots of comprehensive information as well.

As someone who gets to check the "sheets" every night for this stuff at work, the list is quite vast, with currently I believe 2 new ones as of last Thursday that are still being investigated and not been properly sent through to be validated. Well over 400 known vulnerabilities for Windows 7 that remain unpatched.

Hello

Have you tryed to reproduce them ? because checking them at ms-advisory and trying to apply it seems a bit different no ?
Aslo using windows in an enterprise envirroment is kinda different that using it like any jo at home .
Thx for the link .eternal.
That's massive ,)

โพสต์ดั้งเดิมโดย bidulless:

โพสต์ดั้งเดิมโดย Komarimaru:

As someone who gets to check the "sheets" every night for this stuff at work, the list is quite vast, with currently I believe 2 new ones as of last Thursday that are still being investigated and not been properly sent through to be validated. Well over 400 known vulnerabilities for Windows 7 that remain unpatched.

Hello

Have you tryed to reproduce them ? because checking them at ms-advisory and trying to apply it seems a bit different no ?
Aslo using windows in an enterprise envirroment is kinda different that using it like any jo at home .
Thx for the link .eternal.
That's massive ,)

I personally have not, I don't do pen testing I would love to learn more about it though.

โพสต์ดั้งเดิมโดย .EteRnal.:

โพสต์ดั้งเดิมโดย bidulless:

Hello

Have you tryed to reproduce them ? because checking them at ms-advisory and trying to apply it seems a bit different no ?
Aslo using windows in an enterprise envirroment is kinda different that using it like any jo at home .
Thx for the link .eternal.
That's massive ,)

I personally have not, I don't do pen testing I would love to learn more about it though.

Hello

Same as myself i just check what new from time to time but not really follow that

But it seems we have an expert that surelly will be kind anough to share with us it knowledge about the 3 csv that was listed.

just ignore these people, in the end one of two things will happen

1. they dont upgrade and cant use steam in 2024, no more posts from them
2. they go offline to keep using steam on windows 7, no more posts from them

โพสต์ดั้งเดิมโดย bidulless:

โพสต์ดั้งเดิมโดย Komarimaru:

As someone who gets to check the "sheets" every night for this stuff at work, the list is quite vast, with currently I believe 2 new ones as of last Thursday that are still being investigated and not been properly sent through to be validated. Well over 400 known vulnerabilities for Windows 7 that remain unpatched.

Hello

Have you tryed to reproduce them ? because checking them at ms-advisory and trying to apply it seems a bit different no ?
Aslo using windows in an enterprise envirroment is kinda different that using it like any jo at home .
Thx for the link .eternal.
That's massive ,)

They wouldn't be listed, if not reproducible.

To clarify, once a CVE found (Common Vulnerabilities and Exposures classification) It's then submitted to a group of CNA (CVE Number Authorities) to study it and figure out what caused it and the solution to fix it.

CNA being, many many tech companies working together to resolve the problem. From AMD to Microsoft. A list of such companies here.
https://www.cve.org/PartnerInformation/ListofPartners

โพสต์ดั้งเดิมโดย Komarimaru:

โพสต์ดั้งเดิมโดย bidulless:

Hello

CVE-2022-30190
Attack Vector Local
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.
/------------------------
CVE-2022-30141
Attack Vector Network

This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable.
/---------------------
CVE 2022 26809
Attack Vector Network
To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.
Interresting and ?

And what? It tells you right there. No permissions needed, system level access, able to install, change, delete data and create and modify accounts, all without the user knowing.

^This, as sure not all reports are the same level of threat, but if you get things that bypass basically everything, that is a problem, and want to avoid things like RCE.

For a simplified visual example for those that don't know what RCE does, so the person create little thing where it collects the data, and then replaces data changing the game itself, again this is just to dumb things down so have an idea how bad it can be, which is really bad.
https://www.youtube.com/watch?v=e8CO_e_rKd8