News New Windows Installer Zero-Day Exploit Is in the Wild

USAFRet

Exactly my point. Forcing users, including some that may not have the expertise, to all the extra steps and probably issues and errors, just to enable something that shouldn't be mandatory.
But....the TPM can ward off other issues.

Security is built in layers. TPM is one of those layers.


And given recent hardware, there are few if any 'hoops' to jump through for Win 11.
Given new hardware sold today, NO hoops at all.
 
But....the TPM can ward off other issues.

Security is built in layers. TPM is one of those layers.


And given recent hardware, there are few if any 'hoops' to jump through for Win 11.
Given new hardware sold today, NO hoops at all.

And we could buy or use any TPM functionality since when? Years ago, same as Secure Boot.

Anyone who wanted to take advantage of both could do it, no need of Windows 11 either. But now they decided to make it mandatory. And yes I know there are workarounds. But still it shouldn't be.

This is just another move from MS to make people and businesses who may think this will keep their PCs and network safe, to go out and spend a lot of money on new hardware (with Win 11), when the weakest link in the security chain is always the user.

But yeah I agree with you 100%. But I've been sick and mad about this for months. Because in the end this creates a false sense of security.
 

Gillerer

And we could buy or use any TPM functionality since when? Years ago, same as Secure Boot.

Anyone who wanted to take advantage of both could do it, no need of Windows 11 either. But now they decided to make it mandatory. And yes I know there are workarounds. But still it shouldn't be.

This is just another move from MS to make people and businesses who may think this will keep their PCs and network safe, to go out and spend a lot of money on new hardware (with Win 11), when the weakest link in the security chain is always the user.

But yeah I agree with you 100%. But I've been sick and mad about this for months. Because in the end this creates a false sense of security.

I'd rather think it's more a move by Microsoft to make a clean break and clearly distinguish between the
  • "does not require TPM" era Windows 10 and
  • "does require TPM" era Windows 11
among other more noticeable changes that also took place. (Also the shiny "new" thing to use for marketing new computers, which helps make MS's partners happy.)

Having a completely new Windows version is much easier to communicate to customers - going as far as having "Windows 11" stickers on new products. Computer manufacturers also have an easier time announcing "support for Windows 11" on a recent laptop than some obscure version of Windows 10.

Imagine having to check the version number... "'21H1' - what is that?" Most people have never even heard about it, paid any attention, or were overwhelmed enough by the update process to not be able to absorb it.
 
I'd rather think it's more a move by Microsoft to make a clean break and clearly distinguish between the
  • "does not require TPM" era Windows 10 and
  • "does require TPM" era Windows 11
among other more noticeable changes that also took place. (Also the shiny "new" thing to use for marketing new computers, which helps make MS's partners happy.)

Having a completely new Windows version is much easier to communicate to customers - going as far as having "Windows 11" stickers on new products. Computer manufacturers also have an easier time announcing "support for Windows 11" on a recent laptop than some obscure version of Windows 10.

Imagine having to check the version number... "'21H1' - what is that?" Most people have never even heard about it, paid any attention, or were overwhelmed enough by the update process to not be able to absorb it.

Of course it is easy to sell. Whatever the "end" is/was, the result is the same, more money for them. You can use TPM and Secure Boot on Win 10 (unless you own a really old PC without a TPM chip or compatible CPU with its functionality), no need for 11.

We have over 4000 PCs at work; they all support and already have TPM and Secure Boot enabled (been that way for years). I'm just mad people with no knowledge get the wrong idea about this kind of stuff and may feel secure, when they are not.
 

wifiburger

There is no 100% secure. Never has been, never will be.
TPM is one added layer in this security realm.

There's not much "TPM" security layer in Windows 11.

Hello login (webcam), disk encryption & Secure Boot... yeah, not much help there for protection against exploits once your OS is already booted / working!
 

watzupken

TPM, or any other security measure, does not protect against everything.
There will always be exploits.
I feel even TPM may have its vulnerabilities. I don't believe there is a bullet/fool proof product out there.

In any case, Windows has been carried over for decades. Over the years, MS is mostly putting a cleaner UI on top of the aged foundation with each iteration of Windows. In fact I believe some of these aged functions' UI are still accessible in Windows, though MS has been making an effort to hide them. And as a result of all these cosmetic changes, I feel the OS is actually very bloated, and with the bloat, also potentially a lot of vulnerabilities. The same can be said for any OS out there, but the point is Windows is the predominant OS that individuals/corporations use. MS should first invest in rectifying vulnerabilities and bugs, instead of beautifying the OS, and in the process, creating more bugs and vulnerabilities.
 

MasterMadBones

Every security measure is part of a bigger puzzle. Most people won't need even most of them, but they all address potential vulnerabilities with using a device in a certain way. The fact that you don't need it doesn't speak for everyone else.

On another note, Microsoft's response seems incredibly lax when this exploit can be inserted into an installer package. "The access and ability to run code" is given by the user by opening the file.