12.29.08

Gemini version available ♊︎

Windows Vista Left Vulnerable Over Christmas

Posted in Microsoft, Samsung, Security, Vista, Windows at 7:49 pm by Dr. Roy Schestowitz

Broken glass

AS WE POINTED OUT on Christmas day, Microsoft left its users/clients vulnerable over the holidays. But there’s actually more than we mentioned at the time. One of our readers points out that new flaws were found — accompanied by exploits — that can hijack Windows Vista and predecessors (Vista was never secure anyway).

The following exploit utilizes the XML vulnerability in Internet Explorer to execute arbitrary code under Vista.

Here is another new one:

A vulnerability was reported in Windows Media Player. A remote user can cause arbitrary code to be executed on the target user’s system.

Over at The Register, it is being reported that Samsung picture frames are dangerous to Windows users (“The disc is needed to use the kit as a USB monitor on windows XP machines”). We’ve covered the follies of Samsung in the past because they stabbed Linux in the back by signing a patent deal with Microsoft.

The BBC labels 2008 an unprecedentedly bad year for security, but surely it won’t get any better in 2009, not when about 40% of all (Windows) machines are zombies and many people are out of work.

Criminal gangs generate so many viruses for two main reasons. Firstly, many variants of essentially the same malicious program can cause problems for anti-virus software which can only reliably defend against threats it is aware of.

Bearing in mind everything that people already know and witness, the BBC does write: “The vast majority of these malicious programs are aimed at Windows PCs. Viruses made their debut more than 20 years ago but the vast majority of that million plus total have been created in the last two-three years.” It later shows the Windows logo above a caption that says “Most attacks are aimed at PCs running the Windows operating system.”

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

3 Comments

  1. Thomas Holbrook II said,

    December 30, 2008 at 5:18 am

    Gravatar

    This doesn’t surprise me in the least. It reminds me of the whole metafile fiasco in which users of Windows were left out in the cold for an entire year. Then Steve Gibson digs a bit deeper and discovers that it was not a bug, but yes… an actual feature. It was one of those things that probably sounded like a good idea at the time (though I personally can’t figure out for the life of me why pictures should be executing binary code in the first place), then was neglected for quite some time.

  2. aeshna23 said,

    December 30, 2008 at 9:01 am

    Gravatar

    I noticed that the vulnerabilities involved using Microsoft products on Vista. Now, I’m sure if one must use Vista or XP, you should Firefox and not IE for security. Should one also use foobar2000 or dbpowerAmp instead of Windows Media Player? I have my suspicions that MS own programs tend to be security risks on Windows platforms than do third party applications–not simply because the hackers hack them more, but by corporate policy of giving these programs greater privileges than ordinary (and sensible) programmers would. Does anyone know if this is the case?

  3. Roy Schestowitz said,

    December 30, 2008 at 9:31 am

    Gravatar

    “I have decided that we should not publish these extensions. We should wait until we have a way to do a high level of integration that will be harder for the likes of Notes, Wordperfect to achieve, and which will give Office a real advantage.”

    Bill Gates [PDF]

    Enough said.

    Think about ActiveX too. It’s about binding the Web browser and Web sites to one operating system.

    “Another suggestion In this mail was that we can’t make our own unilateral extensions to HTML I was going to say this was wrong and correct this also.”

    Bill Gates [PDF]

DecorWhat Else is New

  1. IRC Proceedings: Wednesday, December 01, 2021

    IRC logs for Wednesday, December 01, 2021

  2. EPO Staff Committee Compares the Tactics of António Campinos to Benoît Battistelli's

    The Central Staff Committee (CSC) of the EPO talks about EPO President António Campinos, arguing that “he seems to subscribe to the Manichean view, introduced by Mr Battistelli…”

  3. Prof. Thomas Jaeger in GRUR: Unified Patent Court (UPC) “Incompatible With EU Law“

    The truth remains unquestionable and the law remains unchanged; Team UPC is living in another universe, unable to accept that what it is scheming will inevitably face high-level legal challenges (shall that become necessary) and it will lose because the facts are all still the same

  4. Links 1/12/2021: LibrePlanet CFS Extended to December 15th and DB Comparer for PostgreSQL Reaches 5.0

    Links for the day

  5. EPO Cannot and Will Not Self-Regulate

    The term financialisation helps describe some of the activities of the EPO in recent years; see Wikipedia on financialisation below

  6. [Meme] Germany's Licence to Break the Law

    Remember that the young Campinos asked dad for his immunity after he had gotten drunk and crashed the car; maybe the EPO should stop giving diplomatic immunity to people, seeing what criminals (e.g. Benoît Battistelli) this attracts; the German government is destroying its image (and the EU’s) by fostering such corruption, wrongly believing that it’s worth it because of Eurozone domination for patents/litigation

  7. EPO Dislikes Science and Scientists

    The EPO's management has become like a corrupt political party with blind faith in money and monopolies (or monopoly money); it has lost sight of its original goals and at this moment it serves to exacerbate an awful pandemic, as the video above explains

  8. Links 1/12/2021: LibreOffice 7.3 Beta, Krita 5.0, Julia 1.7

    Links for the day

  9. Links 1/12/2021: NixOS 21.11 Released

    Links for the day

  10. IRC Proceedings: Tuesday, November 30, 2021

    IRC logs for Tuesday, November 30, 2021

  11. Links 1/12/2021: Tux Paint 0.9.27 and WordPress 5.9 Beta

    Links for the day

  12. [Meme] EPO Administrative Council Believing EPO-Bribed 'Media' (IAM Still Shilling and Lying for Cash)

    IAM continues to do what brings money from EPO management and Team UPC, never mind if it is being disputed by the patent examiners themselves

  13. The EPO's Mythical “Gap” Has Been Found and It's Bonuses for People Who Use Pure Fiction to Steal From Patent Examiners

    The phony president who has the audacity to claim there's a budget gap is issuing millions of euros for his enablers to enjoy; weeks ahead of the next meeting of national delegates the Central Staff Committee (CSC) tells them: "Events show that the delegations’ concerns about functional allowances have materialised. The lack of transparency and inflation of the budget envelope gives rise to the suspicion that high management is pursuing a policy of self-service at the expense of EPO staff, which is difficult to reconcile with the Office’s claimed cost-saving policy, and to the detriment of the whole Organisation."

  14. Video: Making the Internet a Better Place for People, Not Megacorporations

    Following that earlier list of suggested improvements for a freedom-respecting Internet, here's a video and outline

  15. Links 30/11/2021: KDE Plasma 5.23.4, 4MLinux 38.0, Long GitHub Downtime, and Microsoft's CEO Selling Away Shares

    Links for the day

  16. A Concise Manifesto For Freedom-Respecting Internet

    An informal list of considerations to make when reshaping the Internet to better serve people, not a few corporations that are mostly military contractors subsidised by the American taxpayers

  17. Freenode.net Becomes a 'Reddit Clone' and Freenode IRC is Back to Old Configurations After Flushing Down Decades' Worth of User/Channel Data and Locking/Shutting Out Longtime Users

    Freenode is having another go; after “chits” and “jobs” (among many other ideas) have clearly failed, and following the change of daemon (resulting in massive loss of data and even security issues associated with impersonation) as well as pointless rebrand as “Joseon”, the domain Freenode.net becomes something completely different and the IRC network reopens to all

  18. Jack Dorsey's Decision is a Wake-up Call: Social Control Media is Just a Toxic Bubble

    The state of the World Wide Web (reliability, preservation, accessibility, compatibility etc.) was worsened a lot more than a decade ago; with social control media that’s nowadays just a pile of JavaScript programs we’re basically seeing the Web gradually turning into another Adobe Flash (but this time they tell us it’s a “standard”), exacerbating an already-oversized ‘bubble economy’ where companies operate at a loss while claiming to be worth hundreds of billions (USD) and generally serve imperialistic objectives by means of manipulation like surveillance, selective curation, and censorship

  19. IRC Proceedings: Monday, November 29, 2021

    IRC logs for Monday, November 29, 2021

  20. Links 29/11/2021: NuTyX 21.10.5 and CrossOver 21.1.0

    Links for the day

  21. This Apt Has Super Dumbass Powers. Linus Sebastian and Pop_OS!

    Guest post by Ryan, reprinted with permission

  22. [Meme] Trying to Appease Provocateurs and Borderline Trolls

    GNU/Linux isn’t just a clone of Microsoft Windows and it oughtn’t be a clone of Microsoft Windows, either; some people set themselves up for failure, maybe by intention

  23. Centralised Git Hosting Has a Business Model Which is Hostile Towards Developers' Interests (in Microsoft's Case, It's an Attack on Reciprocal Licensing and Persistent Manipulation)

    Spying, censoring, and abusing projects/developers/users are among the perks Microsoft found in GitHub; the E.E.E.-styled takeover is being misused for perception manipulation and even racism, so projects really need to take control of their hosting (outsourcing is risky and very expensive in the long run)

  24. Links 29/11/2021: FWUPD's 'Best Known Configuration' and Glimpse at OpenZFS 3.0

    Links for the day

  25. President Biden Wants to Put Microsofter in Charge of the Patent Office, Soon to Penalise Patent Applicants Who Don't Use Microsoft's Proprietary Formats

    The tradition of GAFAM or GIAFAM inside the USPTO carries on (e.g. Kappos and Lee; Kappos lobbies for Microsoft and IBM, whereas Lee now works for Amazon/Bezos after a career at Google); it's hard to believe anymore that the USPTO exists to serve innovators rather than aggressive monopolists, shielding their territory by patent threats (lawsuits or worse aggression) and cross-licensing that's akin to a cartel

  26. Microsoft GitHub Exposé — Part VIII — Mr. Graveley's Long Career Serving Microsoft's Agenda (Before Hiring by Microsoft to Work on GitHub's GPL Violations Machine)

    Balabhadra (Alex) Graveley was promoting .NET (or Mono) since his young days; his current job at Microsoft is consistent with past harms to GNU/Linux, basically pushing undesirable (except to Microsoft) things to GNU/Linux users; Tomboy used to be the main reason for distro ISOs to include Mono

  27. Dr. Andy Farnell on Teaching Cybersecurity in an Age of 'Fake Security'

    By Dr. Andy Farnell

  28. IRC Proceedings: Sunday, November 28, 2021

    IRC logs for Sunday, November 28, 2021

  29. Links 29/11/2021: Linux 5.16 RC3 and Lots of Patent Catch-up

    Links for the day

  30. By 2022 0% of 'News' Coverage About Patents Will Be Actual Journalism (Patent Litigation Sector Has Hijacked the World Wide Web to Disseminate Self-Promotional Misinformation)

    Finding news about the EPO is almost impossible because today’s so-called ‘news’ sites are in the pockets of Benoît Battistelli, António Campinos, and their cohorts who turned the EPO into a hub of litigation, not science; this is part of an international (worldwide) problem because financial resources for journalism have run out, and so the vacuum is filled/replaced almost entirely by Public Relations (PR) and marketing

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts