EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

12.11.08

Nothing New Under the Microsoft

Posted in Microsoft, Security, Windows at 6:28 am by Dr. Roy Schestowitz

Cracker

Microsoft’s handling of security is a cyclic routine that goes like this:

  1. Many flaws get reported, accumulated, and then mostly ignored
  2. Attacks on the unpatched flaws begin, so Microsoft ‘kindly’ bothers to work on patches in a rush
  3. Patch Tuesday arrives and Microsoft delivers a slew of patches (occasionally delivering nothing critical for bragging rights in the press, only to deliver a massive number of critical patches the following month, i.e. deferral)
  4. Patches arrive too late, after many servers and desktop have already been hijacked
  5. A number of zero-day flaws emerge, some of which exploiting vulnerabilities Microsoft has been aware of for a long time
  6. Patches turn out to be dysfunctional and consequently many computers are left out of services
  7. Microsoft reworks the patches and then delivers a patch to the broken patches
  8. Repeat (1)

This month was no exception. Microsoft delivered half a dozen “critical” patches (usually meaning that the vulnerability they patch enables crackers to seize full control of a to-be-compromised machine).

Appended below are reports from the past couple of days alone. The lies need to end because everyone suffers.

____
[1] Another Microsoft Bug Revealed on Huge Patch Day

Along with its biggest patch release in five years, Microsoft warned on Tuesday of another potentially dangerous vulnerability in its software.

The problem lies within the WordPad Text Converter for Word 97 files, Microsoft said in an advisory.

The systems affected include Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Microsoft said. XP Service Pack 3 and the Vista operating systems are not affected.

[2] Two new zero-day exploits dent Microsoft’s Patch Tuesday

Microsoft’s Patch Day delivered eight updates, but has been overshadowed by newly discovered zero day holes, which are apparently not closed by the new updates.

[3] New Web Attack Exploits Unpatched IE Flaw

As Microsoft readies its latest set of security updates, online attackers have begun exploiting a new flaw in the company’s Internet Explorer (IE) browser.

[4] Third Zero Day exploit appears

Microsoft has confirmed it is investigating another zero day exploit.

[5] Security vulnerability found in MS SQL Server 2000

SEC Consult say Microsoft has been aware of the problem since April this year. Despite the promise of a patch by September, a release date for the patch remains uncertain.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

3 Comments

  1. pcolon said,

    December 11, 2008 at 6:47 am

    Gravatar

    MS can spin this to increase their server footprint without having to embrace Apache by claiming “MS has the real “A-Patchy” servers .

  2. Richard Mclaughlin said,

    December 11, 2008 at 5:41 pm

    Gravatar

    actually, it’s more like this.
    Patches are released.
    smart people and IT departments install them.
    average joe blow doesn’t.
    Hacker looks at the hole the patch fixed and attacks the hole.
    systems go down because people didn’t upgrade when the patch came out.

    Having run call centers for 15+ years, I know this to be a fact.

  3. Roy Schestowitz said,

    December 11, 2008 at 5:53 pm

    Gravatar

    How many of those “smart people” actually get ‘burned’ for installing bad patches? Quality counts too.

    The lateness of some patches is another issue that is raised above. As the new references show, Windows is already vulnerable again and no patches will have arrived until next month.

What Else is New


  1. Links 13/11/2019: Docker Enterprise Bought, WordPress 5.3, Qt 5.12.6 Released

    Links for the day



  2. Rebranding Malware and Spyware as 'Linux' to Dilute the Brand (and the News)

    Signal-to-noise ratio continues to be reduced, as a lot of "Linux" news has nothing to do with GNU/Linux or even with Free software



  3. Understanding Thierry Breton: In the Beginning...

    Career roundup of Thierry Breton, possibly the next EU Commissioner



  4. Startpage Has Been Delisted, But it Ought to be Blacklisted

    Startpage has just warned its fans (I am a former fan) of what Startpage itself covertly became months back



  5. IRC Proceedings: Tuesday, November 12, 2019

    IRC logs for Tuesday, November 12, 2019



  6. Links 12/11/2019: Plasma 5.17.3, More Intel Defects, Bytecode Alliance

    Links for the day



  7. You've Gotta Go When You've Gotta Go

    How most staff of the European Patent Office (EPO) feels these days



  8. Teaser: Thierry Breton and His Disquieting Past

    "The company attracted notoriety and loathing in the UK for its role in assessing disability benefit eligibility."



  9. EPO and EU: People Behind the Faces

    It’s no secret that the EPO breaks the law and European officials have taken no concrete steps to intervene; to make matters worse, potentially new EPO allies may soon be put in charge of the EU Commission



  10. Maintaining the 'Delete Github' page

    "This list really is a starting point, which can hopefully increase awareness about the issue of concern."



  11. Linux Foundation Picking Money

    The dating standards of the Linux Foundation



  12. Microsoft 'Borrows' the Linux Brand

    With help from the likes of the Linux Foundation Microsoft continues to misuse and ‘dilute’ the Linux brand (and registered trademark)



  13. EPO Corruption Compared to Cocaine Scandals in Antwerp

    Days after the Dutch protest discussion is sort of 'uncorked' regarding EPO corruption (published, as usual, in the form of anonymous comments)



  14. SUEPO Showed That the Media Won't Cover EPO Corruption Until Half the Workers March in the Streets

    What ought to have been a central (if not 'the' central) issue of debate in Europe is still being treated as borderline irrelevant or marginal



  15. Meanwhile in California

    News from California is being spun by Microsoft this week, owing to weak journalism that's more like PR than journalism



  16. Privacy-Centric Services and Even Drupal/Acquia Defect to the Camp of Mass Surveillance

    In search of money [pun intended] companies and services that are supposed to respect their customers and users turn out to be doing the opposite; this merits research and public discussions



  17. IRC Proceedings: Monday, November 11, 2019

    IRC logs for Monday, November 11, 2019



  18. Links 12/11/2019: Sparky 2019.11 Special Editions and Twisted 19.10.0 Released

    Links for the day



  19. Microsoft's Abduction of the Voice of Its Opposition Highlights the Urgency of the Movement/Campaign to Delete GitHub

    Microsoft understands that by entrapping FOSS and GNU/Linux inside proprietary software platforms like GitHub and Azure it can utilise the false perception that it somehow speaks on behalf of both (whilst attacking both)



  20. IRC Proceedings: Sunday, November 10, 2019

    IRC logs for Sunday, November 10, 2019



  21. SUEPO Protests Against Management of the European Patent Office Brought Back Discussions About Corruption

    The atmosphere at the second-largest institution in Europe has long been toxic; now it is becoming a lot more visible again and comments highlight the reasons for the cover-up (gross misuse of billions of euros)



  22. Links 11/11/2019: Linux 5.4 RC7, HandBrake 1.3.0 and Analysis of XFCE

    Links for the day



  23. Links 10/11/2019: digiKam 6.4.0, OpenMandriva Lx 4.1 Alpha and OpenZFS Plans

    Links for the day



  24. Video: Dutch Media on EPO Protest

    The new video added by SUEPO on Saturday in order to show Dutch media coverage of last week's protest in The Hague



  25. Politics in the Workplace Are Not Paradoxical and Outside the Workplace They Are Free Speech

    The safest space is one in which no other human (or creature) exists, but in reality we must make compromises and accept that not everyone will agree with us 100% of the time (so we must learn to live with that)



  26. IRC Proceedings: Saturday, November 09, 2019

    IRC logs for Saturday, November 09, 2019



  27. Thick Skin Makes Strong Communities

    Learning to coexist with people who don't agree on everything is a strength and successful societies encourage that (the alternative is blind conformity on all matters)



  28. Training (Proprietary Software) Versus Teaching (Free Software)

    Education necessitates software freedom — a fact that companies like Adobe, Apple and Microsoft try hard to distract from



  29. The Linux Foundation Brought as Keynote Speakers People Vastly Worse Than Those Whom It Now 'Cancels' for Purely Political Reasons

    A lot of people are very upset about the Linux Foundation's alleged 'witch-hunt' and even press coverage has caught up with the outrage; but our position is that it distracts from vastly bigger Linux Foundation scandals



  30. An Open Letter to Richard Stallman

    "It's past the time for the official cornerstones of the Free software movement to return to their full operational capacity, and to take the gear out of neutral."


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts