12.11.08

Nothing New Under the Microsoft

Posted in Microsoft, Security, Windows at 6:28 am by Dr. Roy Schestowitz

Cracker

Microsoft’s handling of security is a cyclic routine that goes like this:

  1. Many flaws get reported, accumulated, and then mostly ignored
  2. Attacks on the unpatched flaws begin, so Microsoft ‘kindly’ bothers to work on patches in a rush
  3. Patch Tuesday arrives and Microsoft delivers a slew of patches (occasionally delivering nothing critical for bragging rights in the press, only to deliver a massive number of critical patches the following month, i.e. deferral)
  4. Patches arrive too late, after many servers and desktops have already been hijacked
  5. A number of zero-day flaws emerge, some of which exploit vulnerabilities Microsoft has been aware of for a long time
  6. Patches turn out to be dysfunctional and consequently many computers are left out of service
  7. Microsoft reworks the patches and then delivers a patch to the broken patches
  8. Repeat (1)

This month was no exception. Microsoft delivered half a dozen “critical” patches (usually meaning that the vulnerability they patch enables crackers to seize full control of a to-be-compromised machine).

Appended below are reports from the past couple of days alone. The lies need to end because everyone suffers.

____
[1] Another Microsoft Bug Revealed on Huge Patch Day

Along with its biggest patch release in five years, Microsoft warned on Tuesday of another potentially dangerous vulnerability in its software.

The problem lies within the WordPad Text Converter for Word 97 files, Microsoft said in an advisory.

The systems affected include Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Microsoft said. XP Service Pack 3 and the Vista operating systems are not affected.

[2] Two new zero-day exploits dent Microsoft’s Patch Tuesday

Microsoft’s Patch Day delivered eight updates, but has been overshadowed by newly discovered zero day holes, which are apparently not closed by the new updates.

[3] New Web Attack Exploits Unpatched IE Flaw

As Microsoft readies its latest set of security updates, online attackers have begun exploiting a new flaw in the company’s Internet Explorer (IE) browser.

[4] Third Zero Day exploit appears

Microsoft has confirmed it is investigating another zero day exploit.

[5] Security vulnerability found in MS SQL Server 2000

SEC Consult say Microsoft has been aware of the problem since April this year. Despite the promise of a patch by September, a release date for the patch remains uncertain.

3 Comments

  1. pcolon said,

    December 11, 2008 at 6:47 am

    MS can spin this to increase their server footprint without having to embrace Apache by claiming “MS has the real ‘A-Patchy’ servers”.

  2. Richard Mclaughlin said,

    December 11, 2008 at 5:41 pm

    actually, it’s more like this.
    Patches are released.
    smart people and IT departments install them.
    average joe blow doesn’t.
    Hacker looks at the hole the patch fixed and attacks the hole.
    systems go down because people didn’t upgrade when the patch came out.

    Having run call centers for 15+ years, I know this to be a fact.

  3. Roy Schestowitz said,

    December 11, 2008 at 5:53 pm

    How many of those “smart people” actually get ‘burned’ for installing bad patches? Quality counts too.

    The lateness of some patches is another issue that is raised above. As the new references show, Windows is already vulnerable again and no patches will have arrived until next month.
