Microsoft Windows Agentic AI Malware

So, I usually see stuff like this and I use it as an opportunity going, "Hey, Microsoft, yeah, why you doing this? Let's just strip this out." And I've done it work for over two decades and I use Microsoft's own tooling to modify Windows. I don't actually use any third-party tools. So, that's just a little background. Let's get into some Agentic AI news here is oh boy, Microsoft has actually issued a warning about it. So, they made a feature, put it into testing, and then said, "Hey, you probably shouldn't enable this feature because it's insecure and it could also open a door to malware." What does that look like exactly? Uh, specifically, uh, they say, "Hey, they warn in this document, only enable this feature if you understand security implications." And not much else is said here about it, but uh, one of the coders that contributes the win util coding wonders actually installed this version. It's actually on the dev build of 25H2. I think 26H1 also has it. Uh but the build coding wonders used on the dev channel was 26220 7262. And this is what it looks like. Uh essentially what they're doing is it's going to be a subprocess of I I want to say SVC host which we'll get into. Uh and it's actually going to be a service called ISO environment broker. And here is how they put it in. He put at least they didn't put it in SVC group which I guess it's something. But SVC host is essentially a process that runs on every Windows system and it's very prominent. You'll have it running right now. But most average normal users won't be able to know that ISO environment broker is running in the background unless they use something like process explorer from CIS internals um or or something of the like to actually break down some of these processes that run on Windows. However, this is kind of what they're doing where they're putting it and we're kind of just tracking down all these changes so we can strip them out, we can use tweaks and kind of fix uh the glitch that they're going to add. They're also going to make a DL in here from parameter. Here's the entry in the component store and their actual official documentation saying the creation of agent accounts. This provides agents their own separate account on your device acting on your behalf. Now, this is the official documentation from Microsoft. Windows is using a phased approach to add stricter rules to agent accounts in upcoming releases. Right now, it's open. If you enable it, it can just do whatever it wants, which is scarier than it sounds. The creation of the agent workspaces where agents can work in parallel to the human users. Think of it as almost like a secondary account, enabling runtime isolation and scoped authorization. This provides the agent with capabilities like its own desktop while limiting the visibility and accessing the agent has to the user's desktop activity. So essentially it's like a secondary user that's logged in on your desktop that can do all kinds of sort of things and right now it's kind of unlimited. Um but there's obviously security implications, privacy problems with this. I I could see how this could be exploited malware capabilities. Uh a lot of really bad shenanigans can can happen from this and I think some bad actors are going to take advantage of Microsoft's naivity here. Uh or they just don't care and they just want to inflate the AI. I'm not here to interject that. I'm just here to tell you, hey, this is what's happening. Agentic apps like Copilot can request and get access of these six commonly used folders in your user profile directory while running the agent workspaces. Documents, downloads, desktop, music, pictures, and videos. So, they can actually do that, have AI go through it, and maybe it'll give you a summary. Maybe it'll Who knows what it's going to do with that information, but it will request access. it says uh if you have this feature enabled. So, pretty scary stuff. Uh from what we're seeing, I would not enable this feature. Uh I kind of worried about this as far as it coming through. People that follow me, I will create workarounds and we will strip this out going forward. But the big worry here is future feature updates where this might get enabled or Microsoft updates that might enable it as well. So these are really big concerns coming through. My suggestion if this really is something like hey I have to stay on Windows I think uh right now you should be looking at LTSC Enterprise Edition as you don't have to worry about this getting added to those versions of Windows and those should have support up till 2032. So about another seven to six year six to seven years. Six seven [laughter] sorry I got teenagers. Um, anyways, it's uh, yeah, uh, that's just kind of where we're at with the agent OS. The next topic of the day is the activation method, mass grave. Many people have used it in the past. You could just run one command through PowerShell. It would activate your Windows using um, a method dubbed KMS38 and would do uh, these essentially an exploit using the key management service. Uh, now this method has been officially patched by Microsoft and I know the pirates out there going, "I can't believe they patched it." But as with anything with Microsoft Windows, things can be changed. And uh, the script was changed already. Uh, uses HWID and TS Forge activation methods now. So, uh, don't pirate things. It's not good. I'm not going to show you how to do that, but just know, yeah, it just works a little different now. And that's kind of where we're at in uh 2025. I wanted to do a quick update video. This is the news of Microsoft Windows. It just keeps getting worse, but I'm here for it. And we will keep on what is happening with Windows or on the back scenes just kind of constantly modifying updating uh stripping this out removing telemetry trying to keep co-pilot agentic AI and all the other shenanigans that Microsoft's coming your way for those Windows users in check. So drop a comment down below if you want to see this if you want to see anything else. I have done videos on the win util that helps modify Windows so it's not quite as bad but I think what we should be looking at going forward and I'm sure people in the comments are like I installed Linux or I moved to Mac and I think that's going to be a trend for the many years to continue why Microsoft keeps putting out this slop. Uh and just some closing thoughts here. Uh it looks like a lot of their a lot of their uh release notes is now getting created by AI. Uh pretty soon I I'm pretty sure there's going to be emojis beside the development in some of the release notes. Uh me and Coding Wonders were laughing back and forth going I I feel like uh any minute now [laughter] this is it feels like all the release notes are just slop at this point and the code looks even worse. So that's where we're at with Microsoft Windows. Enjoy your day. Uh do not update if you can and definitely stay away from dev channels and uh make sure this feature is off if you are on dev channel and we will be putting in uh some updates. I just updated Winutil and uh I'll be making a video pretty soon on that. Uh just some optimizations, bug fixes, and other things on the back end. So, with that, have a great day and I'll see you in the next

Exploring the dark side of Microsoft's Agent AI technology: how cybercriminals could potentially exploit agentic AI capabilities. Windows Central Article: https://www.windowscentral.com/microsoft/windows-11/microsoft-warns-security-risks-agentic-os-windows-11-xpia-malware Neowin KMS Article: https://www.neowin.net/news/microsoft-axes-popular-free-windows-1110-kms-activation-hack-that-worked-without-internet/ . ►► Digital Downloads ➜ https://www.cttstore.com ►► Patreon ➜ https://www.patreon.com/christitustech ►► Twitch ➜ https://www.twitch.tv/christitustech ►► Website and Guides ➜ https://christitus.com