The first thing to understand is that Microsoft still has to roll out updates to Windows 10 for businesses and clients that have opted into their Extended Security Updates (ESU) program. This program is designed to give people some extra time to adapt their applications over to Windows 11. If you are a big organization and have custom programs, they might not work as expected in a new version of Windows. It’s my opinion that if you can run your programs on Windows 11, you should not put money into a dead solution like Windows 10, and I don’t have any clients that have applications that cannot run in Windows 10.

That said, Microsoft does still roll out Cumulative Updates Packs for Windows 10, and yesterday they did just that with KB5066791. This update patches 173 security vulnerabilities and fixes several little bugs. Systems that are not enrolled in the ESU will not get this update, so those vulnerabilities are now documented and open to exploitation. A lot of these really don’t mean a lot to most folks, but there are a couple that might be a problem for the standard office user.

The first one is kind of a big deal, since it affects all versions of Windows from the past 20 years. It’s known as CVE-2025-24990 and it has to do with a driver for an old phone modem that is included by default with all Windows systems. By leveraging a bug in that driver, attackers are able to gain administrative rights on a system. This means that if you were to say open an attachment on an email that contains this code, it could do anything it wants to your system. What’s worse is that this is known as a zero-day attack, meaning bad guys have been using this in the wild and have taken over computers with it already.

The second one has to do with the “Preview Pane” in File Explorer. I think that most people keep this thing disabled, but if you are using it to preview the contents of Office documents, you’ll probably want to turn that off. There is an exploit that can also install software or take over your computer if you have it enabled and preview an Office document with it.

Those are just two of the patched holes in Windows 10, but let’s see how it could affect your standard office worker. One of your clients’ email systems is hacked, and the attacker sends out a carefully crafted email with a Word attachment. This comes from your client and seems real, so you open it to check it out. Since this attacker is using a vulnerability that isn’t patched on your system, they are able to install a virus that begins to encrypt all the files that your workstation has access to. This means not just your PC, but any files on your network that you can get to also. This happens silently until a screen pops up asking for money to decrypt them.

Since you have the Nordic IT Solution, you call us and we are able to restore the files from backups and get everything back, but your workstation is going to be out of commission for a few days while we get a new one setup for you. Your coworkers may also be unable to work while we recover data from backups. Overall, the business takes a hit with systems being offline while clean up happens, and everyone has a really bad day. And all you did was open an email attachment from a trusted client.
While we do our best to protect you from these kinds of attacks, the best protection is to keep your systems updated and compliant. So, please, get on Windows 11 and stay safe out there.

-Nate