EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

12.29.08

Windows Vista Left Vulnerable Over Christmas

Posted in Microsoft, Samsung, Security, Vista, Windows at 7:49 pm by Dr. Roy Schestowitz

Broken glass

AS WE POINTED OUT on Christmas day, Microsoft left its users/clients vulnerable over the holidays. But there’s actually more than we mentioned at the time. One of our readers points out that new flaws were found — accompanied by exploits — that can hijack Windows Vista and predecessors (Vista was never secure anyway).

The following exploit utilizes the XML vulnerability in Internet Explorer to execute arbitrary code under Vista.

Here is another new one:

A vulnerability was reported in Windows Media Player. A remote user can cause arbitrary code to be executed on the target user’s system.

Over at The Register, it is being reported that Samsung picture frames are dangerous to Windows users (“The disc is needed to use the kit as a USB monitor on windows XP machines”). We’ve covered the follies of Samsung in the past because they stabbed Linux in the back by signing a patent deal with Microsoft.

The BBC labels 2008 an unprecedentedly bad year for security, but surely it won’t get any better in 2009, not when about 40% of all (Windows) machines are zombies and many people are out of work.

Criminal gangs generate so many viruses for two main reasons. Firstly, many variants of essentially the same malicious program can cause problems for anti-virus software which can only reliably defend against threats it is aware of.

Bearing in mind everything that people already know and witness, the BBC does write: “The vast majority of these malicious programs are aimed at Windows PCs. Viruses made their debut more than 20 years ago but the vast majority of that million plus total have been created in the last two-three years.” It later shows the Windows logo above a caption that says “Most attacks are aimed at PCs running the Windows operating system.”

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

3 Comments

  1. Thomas Holbrook II said,

    December 30, 2008 at 5:18 am

    Gravatar

    This doesn’t surprise me in the least. It reminds me of the whole metafile fiasco in which users of Windows were left out in the cold for an entire year. Then Steve Gibson digs a bit deeper and discovers that it was not a bug, but yes… an actual feature. It was one of those things that probably sounded like a good idea at the time (though I personally can’t figure out for the life of me why pictures should be executing binary code in the first place), then was neglected for quite some time.

  2. aeshna23 said,

    December 30, 2008 at 9:01 am

    Gravatar

    I noticed that the vulnerabilities involved using Microsoft products on Vista. Now, I’m sure if one must use Vista or XP, you should Firefox and not IE for security. Should one also use foobar2000 or dbpowerAmp instead of Windows Media Player? I have my suspicions that MS own programs tend to be security risks on Windows platforms than do third party applications–not simply because the hackers hack them more, but by corporate policy of giving these programs greater privileges than ordinary (and sensible) programmers would. Does anyone know if this is the case?

  3. Roy Schestowitz said,

    December 30, 2008 at 9:31 am

    Gravatar

    “I have decided that we should not publish these extensions. We should wait until we have a way to do a high level of integration that will be harder for the likes of Notes, Wordperfect to achieve, and which will give Office a real advantage.”

    Bill Gates [PDF]

    Enough said.

    Think about ActiveX too. It’s about binding the Web browser and Web sites to one operating system.

    “Another suggestion In this mail was that we can’t make our own unilateral extensions to HTML I was going to say this was wrong and correct this also.”

    Bill Gates [PDF]

What Else is New

  1. Guest Article: The Free Software Movement Should Come Out From the Box

    "From now onwards we have to think from a user’s rights perspective and mobilise users of Free software. They should know what rights they ought to get."

  2. IRC Proceedings: Friday, December 13, 2019

    IRC logs for Friday, December 13, 2019

  3. Links 13/12/2019: QEMU 4.2.0, GNU Guile 2.9.7

    Links for the day

  4. Links 13/12/2019: Zorin OS 15.1, Vim 8.2

    Links for the day

  5. Linux Foundation Has Outsourced All the Licence Compliance Stuff to Microsoft, a Serial GPL Violator

    OpenChain Specification/OpenChain Project and Automated Compliance Tooling (ACT) are yet more examples -- the latest of many -- of the Linux Foundation being outsourced to Microsoft, not only for code but also documentation and hosting

  6. IRC Proceedings: Thursday, December 12, 2019

    IRC logs for Thursday, December 12, 2019

  7. Copyleft: Keeping Code Free

    Now that news about "Linux" is dominated by promotion of proprietary software we ought to remember what perpetrators of such a strategy seek to eliminate

  8. Plans That Worked, Plans That Failed

    "I am still looking for good news, but the more good I try to find, the more nastiness I uncover. This is by far, Free software's worst year ever. 2019 Sucks!"

  9. Links 12/12/2019: KDE Applications 19.12, Qt Creator 4.11, New VirtualBox

    Links for the day

  10. Brand Dilution in Action

    Microsoft's proprietary software which spies on people and businesses is getting a "free ride" on the "Linux" brand; and nobody seems to care, nobody seems to notice how perverse that it

  11. At the EPO Money -- Not Quality -- is King

    Financiers are ruining quality

  12. The EPO's Strategic Failure 2023

    Potemkin social dialogue

  13. IRC Proceedings: Wednesday, December 11, 2019

    IRC logs for Wednesday, December 11, 2019

  14. EPO Promoting Software Patents in Countries Where These Are Illegal

    The EPO's vision of 'unitary' software patents (patents on algorithms in countries that disallow such patents, as per their national laws) won't materialise, but in the meantime a lot of Invalid Patents (IPs) are granted in the form of European Patents (EPs) and this is wrong

  15. We Support GNU and the FSF But Remain Sceptical and Occasionally Worry About an RMS-less FSF

    Richard Stallman (RMS) is not in charge of the FSF anymore (it's Stallman who created the FSF) and there's risk the decisions will be made by people who don't share Stallman's ethics or the FSF's spirit

  16. Links 11/12/2019: Huawei Lobbied by Microsoft (Because of GNU/Linux) and Microsoft Still Googlebombs Linux to Promote 'Teams'

    Links for the day

  17. Links 11/12/2019: Edge Native Working Group, CrossOver 19.0 Released

    Links for the day

  18. Instead of Fixing Bug #1 Canonical/Ubuntu Contributes to Making the Bug Even More Severe (WSL/EEE)

    Following one seminal report about Canonical financially contributing to Microsoft's EEE efforts — celebrated openly by GNU/Linux opponentsclosing bug #1 Ubuntu basically decided not that it was fixed but that it would no longer attempt to fix it (“wontfix”)

  19. IRC Proceedings: Tuesday, December 10, 2019

    IRC logs for Tuesday, December 10, 2019

  20. Today's Example of Microsoft's Faked 'Love'

    “On 7 September 2017, users began noticing a message that stated “Skype for Business is now Microsoft Teams”. This was confirmed on 25 September 2017, at Microsoft’s annual Ignite conference,” according to Wikipedia

  21. Links 10/12/2019: Kubernetes 1.17, Debian Init Systems GR

    Links for the day

  22. 'Cancel Culture' as 'Thoughtpolice' Creep

    Richard Stallman spoke about an important aspect of censorship more than 2 decades ago (before “Open Source” even existed); it was published in Datamation (“Censoring My Software”) 23 years before a campaign of defamation on the Internet was used to remove him from MIT and FSF (censoring or ‘canceling’ Stallman himself)

  23. Microsoft Still Hates GNU/Linux and Mark Shuttleworth Knows It (But He is Desperate for Money)

    We're supposed to believe that a PR or image management (reputation laundering) campaign alone can turn Microsoft from GNU/Linux foe into friend/ally

  24. Actions Against EPO Corruption and Unitary Patent (UPC) Injustice/Lobbying

    The EPO is apparently going on strike again and an action against the UPC is scheduled for later this week (protest in Brussels)

  25. “The Fifth Freedom as a Meme”

    The issue with systemd (or SystemD) has provoked or at least stimulated discussions about the limits of the famous Four Freedoms

  26. IRC Proceedings: Monday, December 09, 2019

    IRC logs for Monday, December 09, 2019

  27. Demonstration Against Unitary Software Patents, Thursday 12 Dec in Brussels

    FFII's call to demonstrate against the UPC

  28. Links 9/12/2019: China on GNU/Linux, Canonical Wants Help to Improve Ubuntu

    Links for the day

  29. Links 9/12/2019: Linux 5.5 RC1, EasyOS Buster 2.1.9

    Links for the day

  30. IRC Proceedings: Sunday, December 08, 2019

    IRC logs for Sunday, December 08, 2019

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts