As always, use the information provided with care. As the article shows, globally Microsoft is not a company that cares about much in regard to the climate, nor about their direct contribution to one of the greatest e-waste events on record. I'm posting it here for those who may want to review some alternatives before the end date arrives.
As an add-on to the thread: most users don't give a hoot about TPM requirements for Windows 11. Throwing out perfectly good hardware is insanity to the everyday person. In fact, TPM is just as vulnerable as any other snake oil that gets a big security push for the sake of being a cash cow. Microsoft need to stop misleading the public about it. Although patches have already been put into place, more vulnerabilities are surely coming. Here is some AI-generated info on the subject below:
AI Overview
Yes, TPM 2.0 can be vulnerable to attacks, although it is considered a significant improvement in security compared to its predecessors.
Here’s why TPM 2.0 can be hacked:
- Vulnerabilities in the TPM 2.0 reference implementation:
  - Research has revealed buffer overflow vulnerabilities, tracked as CVE-2023-1017 (out-of-bounds write) and CVE-2023-1018 (out-of-bounds read), in the TPM 2.0 library specification.
  - These flaws allow an authenticated local attacker to send crafted commands and potentially:
    - Access sensitive data.
    - Overwrite protected data, such as cryptographic keys.
    - Lead to a crash or arbitrary code execution within the TPM, potentially undetected by other device components.
  - Affected vendors need to update to a fixed version of the TPM 2.0 specification to mitigate these risks.
- Physical attacks:
  - Cold Boot Attacks: Extracting sensitive information like BitLocker keys from RAM after a reboot is possible due to TPM 2.0’s limited RAM clearing mechanisms.
  - Fault Injection Attacks: Inducing errors by altering physical conditions (voltage, temperature, etc.) can potentially leak information or disrupt TPM operations, according to Freemindtronic.
  - Bus Pirate Attacks: Exploiting vulnerabilities in SPI communication allows attackers with physical access to intercept BitLocker keys, according to Freemindtronic.
- Malware and social engineering:
  - While TPM 2.0 enhances security, it doesn’t offer protection against every type of attack.
  - Malware on a device can satisfy the “authenticated local access” condition required to exploit some vulnerabilities.
  - Phishing and social engineering attacks can trick users into divulging sensitive information that TPM cannot protect.
Important Notes:
- Exploiting many TPM vulnerabilities requires authenticated local access to the device.
- TPM 2.0 is still a valuable security component, but it’s not a silver bullet.
- Staying vigilant, applying updates, and practicing good cybersecurity habits are essential for device protection.
So, given the global impact and scope of what awaits Microsoft customers like me and you this October, I am always finding avenues of “suggestion” for the possible continued usage of Windows 10 in a legitimate way. And, upgrading unsupported devices in a manner that is both ethical and legal. Please review the article below for those suggestions. Our friends over at Bleeping Computer always do a bang-up job of getting the information we need and in a manner all can digest it and accomplish things. Kudos to the BC teams.
- Note of caution and liability - From the article, please allow me to make their statement very clear. AND, you will still be required to have a legitimate Windows 10 / 11 product key to install.
You have to accept the potential risks of running altered Windows copies, especially when using third-party tools. If you are not comfortable doing that or you do not trust the maker of the script, you can try installing Windows 11 on unsupported PCs using unmodified images or enroll your system in the Extended Security Update program to remain supported for one more year.
SA