CVE-2024-38063 - Or, IPv6 fucks everyone again, and still nobody actually uses it

Download a fresh 22H2 ISO and do a proper reinstall. Your current install is borked.
It's fine now, although I will have to continue debloating as time goes on.
Well, I listened to you fucks and allowed Windows to update for the first time in five years, and I've spent the last two hours in gpedit/regedit/services.msc undoing all the bloatware and telemetry again.

Question: will getting rid of Microsoft Defender / Security Center affect this vulnerability?
I would keep Defender just in case. As I understand it, this exploit bypasses both anti-virus and your firewall but you never know when Defender might spot something shady.
 
If you're hosting services then I assume you work or aspire to work in IT, so you should probably be wanting to learn it even if there isn't a golden carrot to tempt you.
What I'm talking about here is specifically past the learning stage. It's important to learn how to jump start a car, but once that's done I'm not going to do it unless I have a reason to.

The reason why I would go to VPNs or CF tunnel style forwarding services (there are plenty of alternatives like Ngrok) is because I can't use IPv6 as a replacement for them, namely to enable connecting from networks which do not have IPv6, which is a rather common requirement.

Now, once that's done, setting up IPv6 doesn't let me do anything more, other than in very specific/contrived situations.
If I don't stand to gain anything from it (once again, approaching from an already learned context), I'd tend to just disable it to both save myself the effort, and reduce the attack surface.

Also, if I want to hide my home IP or get some DDoS protection (much easier to rotate VPNs than force an IP change in some cases), I still have to set up a VPN and NAT (or tunnel) anyway.

What's the "effort", in your case?
Other than those you mentioned, like assigning, documenting, and designing a new set of addresses, even assuming no compatibility issues or the setup itself running into issues:
- The layout is different. If your IPv4 has NAT and IPv6 is different, it's not as simple as tacking on 1 more address
- Binding to specific addresses for security? Remember to update those too
- Same for the firewall rules and NAT (if you wish to hide your IP)
- Something not working? Need to test if the issue is with IPv4, IPv6, or both. Also time spent testing that it actually works on IPv6, and not just falling back to IPv4

Is it much more effort? Not really. But it's against the ratio of zero benefit, since whatever solution I use to get stuff working for IPv4 exclusive networks already solves the issue.
 
My Windows build is pretty out of date. I was thinking of reinstalling to switch over to Windows 11 IoT Enterprise LTSC. I tested in a VM and it's pretty good. Pretty easy to undo all of Microsoft's bullshit with debloat and StartAllBack.

I'm on 22H2 and haven't updated since I installed it.
Update on this: I've made the switch off Ghost Spectre OS (22H2) to 11 IoT Enterprise LTSC (latest build). I'm pretty happy with it. I have Windows Update and Defender enabled this time, because why not. I actually paid for a StartAllBack license because it's just that good, and overall performance is pretty good.

I'm going to stay on this version until Microsoft drags me kicking and screaming to the next version.
 
This, ladies and gentlemen, is a great example of hubris. If this retard had just updated his computer every once in a while, he would not have so many problems, and he would have been able to deal with the changes gradually. And then he doubles down about never updating. Please, for the love of God, don’t be like this guy.

Go ahead and defer feature updates. I defer mine for a year. Turn off the automatic updater, too, if you want (I do). But don’t be a retard and never update. You’re not an air gapped mission critical remote system with a multi-million dollar budget to update every five years. If you are on the internet, you need to have a reasonably up-to-date system. And you need to stay up-to-date with security patches.
"You updated your computer like MS said to and it caused problems. You should've known the correct way to do this and you should ignore your lying eyes about what caused your problems."

If updating from 1511 to 22H2 is too much of a jump then Microsoft should not allow it. If they do allow it (or in many cases actively push for it) they are effectively saying it should work and complaints that it breaks things are legitimate. I would also love to hear your explanation why installing several patches months apart is substantially different enough compared to installing them a few minutes apart such that it causes problems.
 
"You updated your computer like MS said to and it caused problems. You should've known the correct way to do this and you should ignore your lying eyes about what caused your problems."

If updating from 1511 to 22H2 is too much of a jump then Microsoft should not allow it. If they do allow it (or in many cases actively push for it) they are effectively saying it should work and complaints that it breaks things are legitimate. I would also love to hear your explanation why installing several patches months apart is substantially different enough compared to installing them a few minutes apart such that it causes problems.
I’m not going to comment on a system I don’t know. What I can tell you is that Microsoft sometimes does break things and that’s why I defer feature updates by a year. Stuff breaking happens in every operating system. It’s not reasonable to think that updating an ancient version to the latest is not going to be without problems. It’s never been reasonable in any computing era. Windows is actually the most backwards compatible OS. Keeping your system up-to-date is a responsibility of having a computer that’s connected to the internet.
 
I would also love to hear your explanation why installing several patches months apart is substantially different enough compared to installing them a few minutes apart such that it causes problems.
Jumping from Windows 10 1511 to 22H2 is like jumping from Ubuntu 15.10 to 22.10. It's not just a few security patches on top of the same OS, the entire OS had ~7 years of major changes, with the jump from 1511 to 22H2 skipping 11 incremental upgrades of the core OS. No update system can be designed to do such an upgrade and not fuck something up along the way.
 
Jumping from Windows 10 1511 to 22H2 is like jumping from Ubuntu 15.10 to 22.10. It's not just a few security patches on top of the same OS, the entire OS had ~7 years of major changes, with the jump from 1511 to 22H2 skipping 11 incremental upgrades of the core OS. No update system can be designed to do such an upgrade and not fuck something up along the way.
This doesn't address why installing these updates quickly one after the other is somehow different than every 6 months. And if Microsoft has a special "bulk upgrade" or something you should expect that to work properly. I realize right now thinking that would actually be painless is foolish, but where did we go so wrong that effectively mandatory security updates are just expected to break things?
 
This doesn't address why installing these updates quickly one after the other is somehow different than every 6 months. And if Microsoft has a special "bulk upgrade" or something you should expect that to work properly. I realize right now thinking that would actually be painless is foolish, but where did we go so wrong that effectively mandatory security updates are just expected to break things?
This is what happens when a company has a monopoly on OS preinstalls. Your average normalnigger probably has no idea that the operating system on a computer can be changed, and believes their only other option is to buy a Mac, which would subject them to even more gay and retarded shit.
 