Nothing New Under the Microsoft

Dr. Roy Schestowitz

2008-12-11 11:28:36 UTC
Modified: 2008-12-11 11:28:36 UTC

Cracker

Microsoft's handling of security is a cyclic routine that goes like this:

Many flaws get reported, accumulated, and then mostly ignored
Attacks on the unpatched flaws begin, so Microsoft 'kindly' bothers to work on patches in a rush
Patch Tuesday arrives and Microsoft delivers a slew of patches (occasionally delivering nothing critical for bragging rights in the press, only to deliver a massive number of critical patches the following month, i.e. deferral)
Patches arrive too late, after many servers and desktop have already been hijacked
A number of zero-day flaws emerge, some of which exploiting vulnerabilities Microsoft has been aware of for a long time
Patches turn out to be dysfunctional and consequently many computers are left out of services
Microsoft reworks the patches and then delivers a patch to the broken patches
Repeat (1)

This month was no exception. Microsoft delivered half a dozen "critical" patches (usually meaning that the vulnerability they patch enables crackers to seize full control of a to-be-compromised machine).

Appended below are reports from the past couple of days alone. The lies need to end because everyone suffers. ⬆

____ [1] Another Microsoft Bug Revealed on Huge Patch Day

Along with its biggest patch release in five years, Microsoft warned on Tuesday of another potentially dangerous vulnerability in its software.

The problem lies within the WordPad Text Converter for Word 97 files, Microsoft said in an advisory.

The systems affected include Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Microsoft said. XP Service Pack 3 and the Vista operating systems are not affected.

[2] Two new zero-day exploits dent Microsoft's Patch Tuesday

Microsoft's Patch Day delivered eight updates, but has been overshadowed by newly discovered zero day holes, which are apparently not closed by the new updates.

[3] New Web Attack Exploits Unpatched IE Flaw

As Microsoft readies its latest set of security updates, online attackers have begun exploiting a new flaw in the company's Internet Explorer (IE) browser.

[4] Third Zero Day exploit appears

Microsoft has confirmed it is investigating another zero day exploit.

[5] Security vulnerability found in MS SQL Server 2000

SEC Consult say Microsoft has been aware of the problem since April this year. Despite the promise of a patch by September, a release date for the patch remains uncertain.

Comments

pcolon

2008-12-11 11:47:33

MS can spin this to increase their server footprint without having to embrace Apache by claiming "MS has the real "A-Patchy" servers .
Richard Mclaughlin

2008-12-11 22:41:13

actually, it's more like this. Patches are released. smart people and IT departments install them. average joe blow doesn't. Hacker looks at the hole the patch fixed and attacks the hole. systems go down because people didn't upgrade when the patch came out.

Having run call centers for 15+ years, I know this to be a fact.
Roy Schestowitz

2008-12-11 22:53:48

How many of those "smart people" actually get 'burned' for installing bad patches? Quality counts too.

The lateness of some patches is another issue that is raised above. As the new references show, Windows is already vulnerable again and no patches will have arrived until next month.

Estimates That IBM to Lay Off Close to 10,000 Workers in 2026 (Not Counting People Pushed Out): There's still chatter about Confluent mass layoffs
Sophie Brun, Raphael Hertzog & Debian sexual conflicts of interest: Reprinted with permission from Daniel Pocock
Instant Bluewashing at Confluent: Mass Layoffs Alleged at IBM: So the main question is, did IBM just fire 800 people?
IBM Red Hat is Still Promoting Restricted Boot Which Restricts Users' Control Over Their Computers: Red Hat under IBM is a total catastrophe
Arvind Says... Something Something "Hey Hi" (the State of Today's Media): Look for news about IBM and most likely it'll boil down to some sound bites from an executive and nothing else
New Post Has Just Explained How IBM Gets Robbed by the People Who Fail IBM: Their plan for IBM is a personal plan
Slop-Spewing GAFAM LLM That Knows Nothing and Understands Nothing, It's a Stochastic Parrot That Cannot Even Figure Out Tux Machines is a Community That Started in Tennessee 22 Years Ago: RMS rightly calls those things "bullshit generators"
Cusdeb Makes New Presentation About Where GNU Hurd (Still a Possible Linux Replacement) Stands in 2026: coming from a generally RMS-friendly account
Gemini Links 18/03/2026: Librarians, Phone Anxiety, Growing 'Small' Net, and Slop Versus Software Engineering: Links for the day
Smug Threat by Garrett to Put My Family and I in Prison Doesn't Prove We Did Anything Wrong, It Only Proves He's Truly Desperate to Stop Further Publications That Embarrass Him: his reputation is poor in the United States
systemd Increasingly Microsoft Project, Controlled by Microsoft and Slopware: Cannot allow choice
What IBM Meant to Red Hat: "Proprietary Bundling, Restricted Source Access": Anyone or anything that joins IBM likely shortens its lifespan
IBM Thrashing Confluent Upon Arrival, Based on Rumours: We deem it a bigger issue that investigative journalism perished, not that one must rely on hearsay online or mere "rumours"
Slop Is Plagiarism, Not (Vibe) Coding, and It's Not Automated, It Doesn't Save Money: Reject misnomers, explain what's actually happening
UPC is Still Illegal and Unconstitutional (Kangaroo Court for Patents, Manned by Corporate Staff), Federal Court of Justice of Germany Receives Belated Complaint About It: What is happening to Europe???
EPO Demonstration Happening Right Now, Later This Week Things Will Only Escalate Further: The SUEPO The Hague Committee wrote to staff this morning
Links 18/03/2026: Commodore's Hedley Davis Dies, Apple Not Good Enough, Cheeto "Floats Treason Charges for Iran War Coverage": Links for the day
A Step Close to Shutting Down the European Patent Office (EPO): Not going to work all month long
EPO Staff Demonstration Today: The demonstration will be live-streamed for those thousands of colleagues who don't live in Munich
Gemini Links 18/03/2026: Brazilian SYN Attacks and BGP: Links for the day
LibreLocal Also Coming to Jordan, Kenya, Mexico, New Zealand, and Spain: It helps raise awareness of Software Freedom
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, March 17, 2026: IRC logs for Tuesday, March 17, 2026
Microsofters' SLAPP Censorship - Part 14 Out of 200: Men Who Strangle Women (and Worse) Trying to Force Us to Write Public Apologies to These Men: For those who never before saw a SLAPP, they basically make many demands
"Vibe-forking" and Why It'll Ultimately Fail (Hype on Top of Hype): Code made with LLMs sucks; converting solid, human-tested code into slop only complicates matters and increases risk
Updates About Richard Stallman's Free Software Foundation: After all those years (a decade) and in spite of phony scandals many people out there still respect him
LLM Slop With "Linux" in the Domain Names: This is becoming a pain and a problem also in the arts and in software engineering
The EFF Has a Bug, Fixing This Bug is Likely Not Possible Anymore: "the EFF's continued existence impairs the arrival of a replacement organization, one which will actually champion digital rights."
Links 17/03/2026: Microsoft Windows Broken by Samsung, Afghanistan-Pakistan War Escalation: Links for the day
Gemini Links 17/03/2026: Newcomers and False-Positive 'Slop': Links for the day
Héctor Orón Martínez & Debian shadow candidate pressure on Sruthi Chandran: Reprinted with permission from Daniel Pocock
Links 17/03/2026: American Fentanylware (TikTok) Investors Implicated in Kickbacks, "Big Oil Knew It Was Wrecking Louisiana’s Coast": Links for the day
For Third Time in a Week The Register MS Runs Google SPAM That Paints Google as an Ally of Women (Which is False, They're Womanisers): What does that make The Register MS to women?
British Justice Minister Sarah Sackman Blasts Solicitors Regulation Authority (SRA): The "legal industry" is due for "some reckoning"
GAFAM Deprecating Old Videos ("Content") by Removing the Support for Their Format for No Good Reason: "Security" is not a valid excuse
Credit/Debit Cards Have Long Been Called Plastics, Over Time They're Becoming More Like Pure Plastics: They cost less than a dollar to manufacture
The European Patent Office (EPO) Holds a Public Demonstration Tomorrow and It'll be Live-streamed: The EPO's workforce was meant to be capable of speaking many languages and have extensive experience in the sciences
People Who Attacked Techrights Also Attacked My Mother: Picking on old ladies because you don't like Free software advocates is never OK
Little Community Element Left in CentOS: CentOS, unlike Fedora, was meant to be long supported and solid
Social Control Media is Cancel Culture (Companies Like Facebook Also Punish/Ban Accounts for Mentioning "Linux" and Lobby for Anti-Linux Legislation): The masters of Social Control Media decide what ideas can and cannot be expressed
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, March 16, 2026: IRC logs for Monday, March 16, 2026
Someone at Association for Computing Machinery (ACM) is Censoring the Birthday Greetings to Richard Stallman: Some people remember
The European Patent Office (EPO) Illegally Transitioning Into 'Gig' 'Economy' Equivalent (a Shop for Patent Monopolies in Europe): for scabs aka SEALs
At Least Six EPO Strikes Next Month (Yes, Six!): The pressure intensifies over time
Several MPs Blast Solicitors Regulation Authority (SRA) for Inaction and Ineffective Action This Week: "Four MPs have written to the SRA"
Microsofters' SLAPP Censorship - Part 14 Out of 200: The Abusive Cases of the Serial Strangler From Microsoft and His Litigation Buddy Garrett Did Cause "Serious Harm": claims were de facto abandoned at the trial
Today's Discussions About How IBM Pushes Workers Out: The corporate media keeps trying - baselessly and in vain - to paint everything that happens with the "hey hi" brush
Linux Teck (linuxteck.com) and Ubuntu PIT (ubuntupit.com) Are Botspam: now they just keep experimenting by trashing their sites and reputation
Links 16/03/2026: Moscow Experiencing Cellphone Internet Outages, "Salman Rushdie Is Tired of Talking About Free Speech": Links for the day
Links 16/03/2026: Arctic Security and 'Mr. Nobody Against Putin': Links for the day
Gemini Links 16/03/2026: KN95 Skins and CSS Surprises: Links for the day
Debian is Dying for Some of the Same Reasons IBM's Fedora is Rapidly Dying: Prioritising CoC censorship, not communities
The Register MS is Again Femmewashing GAFAM (Which Makes Widows) in Exchange for Money: This is a moral issue because they betray or harm women and prop up authoritarian regimes
Gemini Links 16/03/2026: AB 1043, Lagrange Android Beta 47, and Poetry: Links for the day
"Slop-forking" or "Vibe-forking" as the New 'Noble' Plagiarism: New Cloudflare Slop Project?
EPO "Cocaine Communication Manager" - Part VII - Cult Mentality, Mobbing, Nepotism: Does the EPO actually believe in the law?
2026 Microsoft Layoff Rumours: Surely if we had properly-functioning media, then someone would investigate this rather than rely on official statements from Microsoft and WARN notices
EPO Strike This Week: contact your national representatives about it
Gemini Links 15/03/2026: "Create Opportunities for Good Things to Happen", DOSbook, and Bitcoin Criticism: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, March 15, 2026: IRC logs for Sunday, March 15, 2026
Pirate Praveen Arimbrathodiyil & Debian denouncing volunteers, hiding romances: Reprinted with permission from Daniel Pocock

Nothing New Under the Microsoft

Comments

Recent Techrights' Posts