This comprehensive security report investigates unpatchable vulnerabilities in Windows 10 and 11, focusing on systemic flaws that resist traditional patching due to their deep integration into the operating system’s architecture, hardware dependencies, and legacy compatibility require ments. These vulnerabilities, rooted in fundamental design choices and ecosystem constraints, pose significant challenges to securing millions of Windows devices worldwide. The report ex amines three critical vulnerabilities: legacy BIOS/UEFI firmware weaknesses, kernel memory management flaws, and backward compatibility with legacy protocols. It provides a detailed technical analysis, exploitation vectors, detection challenges, and comprehensive mitigation strategies. With Windows 10 approaching its end-of-support deadline in October 2025, these flaws pose heightened risks, necessitating proactive defenses. This report adheres to responsi ble disclosure principles and aims to support Microsoft’s efforts to strengthen Windows security in 2025.

Interesting that the report calls out SMBv1 which is disabled by default in Windows 11. I suppose you could have an exploit that triggered SMBv1 optional feature install, but you already have local admin rights at that point.

SMBv1 has effectively been removed for modern clients and thus is not 'unpatchable'.

Encryption is on-by-default with SMBv3, I believe.

So some of these mitigations are already in place. I'm sure the UEFI issues will always persist, that's not a Microsoft issue per se, and I assume the kernel memory management potential vulnerabilities are still present, though the author doesn't offer any concrete proof in the report that these are exploitable as of today.