2

I want to know the status of remote, code executing vulnerabilities of old Windows operating systems that are left unfixed, if they exist at all. Exploits like EternalBlue or BlueKeep wreaked havoc on many systems, but Microsoft did issue a patch even for Windows versions that are past EOL. Seeing that I wonder what the status of older operating systems is. Like Windows 3.1 or Windows 95, are they wormable even with all updates applied?

Edit: I was actually looking for public, documented vulnerabilities.

manatails
  • 61
  • 3
  • The answer is of course yes. The real question is: where can you find a list of unpatched vulnerabilities for legacy Windows operating systems. – Jaap Joris Vens Jan 24 '21 at 17:12
  • Given how far static and dynamic analysis has progressed in the time since those versions of Windows, even if _all_ public vulnerabilities were patched (which they certainly aren't), you could pretty trivially find new ones that were never discovered and only stopped existing when the vulnerable code was removed for some unrelated reason. Pointless 0days, sure, but 0days nonetheless. – forest Jan 24 '21 at 21:14
  • Oh I forgot to mention that I was looking for 'public' vulnerabilities that are actually searchable on the web. – manatails Jan 25 '21 at 18:05
  • It might be easier to answer your question if we knew what you were trying to do, or to narrow the scope. There's unlikely to be a source that correlates every public exploit, and whether if it applies to every Microsoft OS version. You could go back to MS-DOS 1.0 if you wanted, or old DOS network drivers, etc. The scope of this question seems rather wide. – Steve Sether Jan 25 '21 at 18:49
  • I was actually trying to contradict people who claim that using an OS such as Win 95 or Win98 in 2021 is impossible due to security vulnerabilities, although that is true in many aspects but I've seen some people who go as far as to saying that it could get viruses even when doing nothing in a clean install. But I doubt that statement and that's why I decided to ask this question. – manatails Jan 25 '21 at 19:12

0 Answers0