The Enslopification of Windows and Microsoft

追加: 2026-05-13

[00:00:00]Windows 11 and Microsoft have had an extremely embarrassing run ever since releasing Windows 11. From major security exploits to updates that just completely break your entire system, it seems like they're only getting worse over time. Like Copilot, dude, nobody wants C-Pilot, but they're trying so hard to shove it down everybody's throat. The bloat wear, the rampantly increasing AI features, the security problems. I think the downfall of Windows 11 and Microsoft needs to be studied. This is the inshitification of Windows 11. In February of 2026, a remote code execution vulnerability was discovered on the Notepad app. A remote code execution vulnerability is basically when a hacker can execute code on your computer remotely. That code can be essentially anything. Basically any commands or code that you can execute with your keyboard from your own device can be done remotely with this vulnerability. It is typically done when a bug in an application is exploited and that exploit tricks your potato ass computer into running malicious code.

[00:01:08]The potential damage can range from small [ __ ] to like an entire system takeover. Probably the most common one is people using these vulnerabilities to infect your computer with a remote access Trojan. This assimilates your computer into a botnet and your passwords, crypto, bank accounts can all be compromised. The reason this vulnerability was possible was because Microsoft introduced an update that added markdown features to the Notepad app. Markdown rendering is basically allowing hyperlinks to be displayed in the document. You know, when like links show up like all blue and [ __ ] and then and then like you could click it. That's basically what this is. The standard method to handling all of these links is just to properly sanitize them. Like how essentially every web browser ever handles them. But not Microsoft.

[00:01:54]Microsoft was like, "All right, let's uh let's open the floodgate so uh anybody can enter this uh this party." It's like a frat guy letting you into a party even though you didn't bring any girls, alcohol, or drugs as like a [ __ ] offering. On top of that, the way they handled the links was frankly it was frankly quite [ __ ] Instead of opening a web page, Notepad would pass the links directly to Windows. This allowed what should be a simple text editor to launch local files and execute remote commands. One of those little blue links would be disguised as a hidden command which would execute code if a user clicked on it. They also added Copilot into Notepad so the app itself has network activity. Like why does my text editor need to connect to the [ __ ] internet? Like imagine Vim or Nano connecting to the internet when you're just trying to edit text. The next is the Windows File Explorer vulnerability. This vulnerability basically allowed attackers to steal your user login credentials through NTLM hashes by simply having the user view a folder or extract a compressed file like a zip file. It was caused by how Windows File Explorer automatically process certain file types to show you previews and icons. Basically, when you navigate to the folder containing the malicious file, Windows Explorer automatically parses the file to display. That malicious file would contain a network path pointing to a server operated by the attacker and Windows would automatically attempt to connect to that server and then that connection would trigger a handshake which the attacker could uh could could capture. The problem is that Windows uses NLM which is comically outdated and extremely easy to crack with something like hashcap. To demonstrate how easy it is to crack an NTLM hash, I made this threeline Python script to generate an NLM hash using the standard protocol, which is converting the plain text into UTF-16LE encoding and applying the MD4 algorithm to that encoded string. MD4 has been obsolete since 2011, if that if that helps put this into perspective. One of the biggest reasons these hashes are so insecure is because the hash is completely unsalted. Sultting a hash is when you add random characters to every hash. When you do not salt your hashes, every hash generated using the same password will be exactly the same. You can probably see why this is not very secure. Typically with salting, even if you generate a hash for the exact same password multiple times, the hash would be completely different every time. So anyways, back to the Python script. I generated one of these hashes and used hashcat to crack it in an extremely short amount of time. This would be harder with a good password rather than password 1 to3. But regardless, Microsoft should not be using NLM in 2026, let alone in this [ __ ] decade.

[00:04:33]Because even with a secure password, MD4 is so mathematically simple that a [ __ ] single high-end GPU can brute force billions of combinations per second and easily crack it. I put it to the test since the first hash I cracked was a dictionary attack. So, let's take this arguably more secure password and try to brute force it. It's only going to be six characters because I don't feel like waiting multiple [ __ ] hours, but it is all random characters.

[00:04:58]I was able to crack it fairly easily.

[00:05:01]You know, the worst part, Windows 11 still uses NTLM today. It is possible to manually disable it if you don't like want to wait for Microsoft to get rid of it. And that solution is to just use Linux. No, no, you you you can you can actually just go into the local group policy editor and disable it from there.

[00:05:19]Anyways, I hope I made my point. On to the next one. Whoa, whoa, whoa. Hold up.

[00:05:23]Literally during the editing of this video, news dropped of Microsoft Edge storing passwords in memory as plain text. I mean, this [ __ ] just writes itself. The proper way to handle passwords in the browser is to load them in memory encrypted only and only on the site that it's being used on. And when it's needed, that's when you should decrypt it and then immediately delete them from the memory right after. How does Edge handle passwords? Well, it stores them perpetually unencrypted in the memory even for websites which haven't been visited yet. The best part, the security researcher who disclosed this to Microsoft, he was like, "Yo, dude, this is like a vulnerability here, man. You guys, you guys got to handle this." And then Microsoft was like, "Oh, no, man. This is not a vulnerability.

[00:06:10]It's a this is a intentional decision."

[00:06:13]>> I mean, Jesus Christ.

[00:06:32]The next one is very scary. You might have heard about the Blue Hammer vulnerability. A security researcher just straight up released it to the public because they were just kind of pissed off at Microsoft. Basically, Microsoft was downplaying the threat and basically ghosting the security researcher and like just [ __ ] refusing to pay them the bounty for the bug. So, naturally, like anyone would do, they just released the exploit to the public to basically force Microsoft into fixing it. With this exploit, an attacker uses a race condition to trick the system by changing a file state for like a [ __ ] nancond between when Windows checks if a file is safe and when it actually uses it. During that split second, the attacker basically pulls like a like a Indiana Jones and swaps that it swaps that safe like folder with a symbiotic link that points to a protected system file like uh like the security account manager database.

[00:07:26]Then Windows Defender being the pressure plate that Indiana Jones put the bag of sand on thinks that the golden statue is still on the pressure plate and it leaves your password hashes completely exposed. It also could escalate the attacker's permission to the system level. As of the 14th of April 2026, this exploit remains unpatched by Microsoft. Okay, enough security [ __ ] Let's cover just shitty Windows 11 updates. In March of 2026, Windows 11 was updated and the internet connection was broken. Even if you had internet, the system would think that you didn't have any. Windows would basically just gaslight you into thinking that you had no internet when you really did. This wouldn't affect things like web browsers, but anybody who is engulfed in the Microsoft ecosystem with things like Microsoft 365, they wouldn't be able to use it since that software wouldn't be able to verify your subscription. Why doesn't everybody just use Libre Office?

[00:08:18]Um, I don't know, man. I I just don't get this world sometimes. In October 2025, an update rolled out that broke the USB keyboard and mouse support in the Windows recovery environment. So, you know this screen, the screen that you [ __ ] go to to fix your computer if something goes wrong? Well, good luck fixing it because you can't interact with anything. In January 2026, a Windows 11 update broke the ability to boot. So, you just couldn't access your operating system at all since all you would get is a black screen. The way to fix this was to uninstall the latest update or restore a previous backup.

[00:08:54]Let's talk about Microsoft Copilot and AI. Microsoft admitted that roughly 20 to 30% of their code is vibe coded. So I'm really not surprised with how often [ __ ] breaks when it comes to Microsoft.

[00:09:07]Microsoft has poured billions into C-Pilot and AI. So they really really want you to use it. So much so that it automatically installs itself on Windows devices that have Microsoft 365 and it installs itself without consent. There's a feature in Copilot called recall which regularly takes screenshots of your screen for convenience. Granted, it does not send any of that data to Microsoft servers, but still dude. Who that who thought that was a good idea? The entire recall feature was actually delayed after the massive backlash when they originally announced it, which in my personal opinion, I feel like it was originally much worse for privacy.

[00:09:47]That's just my opinion notes and nothing nothing was ever confirmed with this.

[00:09:51]So, please don't sue me, Microsoft.

[00:09:53]Anyways, nobody likes recall. Signal blocks it by default. Brave blocks it by default. I block it out of my [ __ ] life by default. The next things I'm going to talk about are not Windows 11 specific, but I thought it was important to include browser gate. Basically, LinkedIn is owned by Microsoft and anytime a user uses LinkedIn, hidden code is ran that searches the user's computer for installed software. It collects all the results and sends that to the LinkedIn servers and to other thirdparty companies. None of this is listed in the privacy policy. LinkedIn also read the clipboard of iOS users on the app, which they have gone to court over. If you want to know more about BrowserGate, I recommend this video by the incredibly talented Laser Helix. The video will be linked in the description.

[00:10:36]Microsoft Edge has historically imported Chrome tabs and data without user consent. This was a bug and not an intentional feature according to Microsoft. Microsoft admitted that humans listen to Skype and Cortana audio. Why the hell are they listening to these calls? Microsoft Office and that entire ecosystem has borderline criminal levels of telemetry. So much so that the EDPS stepped in in 2024.

[00:11:00]Outside of Windows 11, Windows 8 start menu was completely redesigned from from like the intuitive design that we all know and love and it was turned into this touchscreen slop. So this entire intuitive menu which is typically on the bottom left was replaced by this [ __ ] some [ __ ] that you see on a tablet or some [ __ ] They immediately removed it after seeing that essentially nobody liked it. In October 2018, a Windows 10 update rolled out that deleted many personal files. These files were typically unable to be recovered and were lost permanently. Some of you might be asking why I made this video. I honestly don't know. I was kind of bored and had a lot of free time lately.

[00:11:38]Anyways, I don't want to sound like super biased here, even though I am kind of biased against Microsoft in in some facet. Almost every software has bugs.

[00:11:46]vulnerabilities and the occasional blender. Microsoft just has more than most. So, dear viewers, what the hell did we learn today? If the answer is to use Linux, then you are correct and you get a gold star. Thank you to our current channel members. Thank you for watching everybody. Like, comment, subscribe, become a channel member, and until then, I'll see you. Thank you.

[00:12:21]Heat. Hey, Heat.