Bonum Certa Men Certa

Vista 7 Zero-Day Followed by Internet Explorer 7 Zero-Day

Nine O Nine



Summary: Vista 7 as exposed as the naked emperor; Internet Explorer received similar treatment as users are under attack and no remedy is available

OVER the past week and a half we wrote several posts about the illusion of security in Vista 7. Among those posts:

  1. Vista 7 Exploit is Out (Zero-Day Vulnerability)
  2. If Microsoft Cannot be Sued Over Liability, Can it be Sued for Negligence?
  3. Microsoft Won't Secure Firefox/Chrome Users, Shows More Negligence


Reports about this subject continued to come and only an advisory (not a patch) came from Microsoft. Regarding another serious crack that led to security issues in vista 7, reports suggest that it "comes as no surprise," proving yet again that Microsoft does not give a damn about security.

There is now the following serious incident which leads to invaluable harm. No report seems to say which platform is to blame, but the University of East Anglia is not necessarily a docile Windows shop, not based on its Web site anyway. It actually abandoned Solaris for GNU/Linux when Sun began roaming the streets looking for love. Does anyone know what mail systems are used at the University of East Anglia?

A 61MB ZIP file was posted on a Russian FTP server late last night, local time. It contains over a thousand emails, and around three thousand other items including source code and data files. Emails are peppered with disparaging remarks and a crude cartoon of sceptical scientists is also included in the archive - suggesting the hacker roamed wide across the University's servers.


More at The Guardian.

A spokesperson for the University of East Anglia said: "We are aware that information from a server used for research information in one area of the university has been made available on public websites. Because of the volume of this information we cannot currently confirm that all this material is genuine. This information has been obtained and published without our permission and we took immediate action to remove the server in question from operation. We are undertaking a thorough internal investigation and have involved the police in this inquiry."


Regardless of what this "server in question" actually runs, Microsoft is taking a weird approach to security, suggesting/recommending a different architecture (not platform) as a cure for executables that exploit Windows by design, not just by compilation.

Meanwhile we find that users of Internet Explorer 7 (version 6 also) are under attack due to a zero-day flaw. [hat tip: Tony Manco]

According to Symantec, which has quickly tested the exploit code that appeared on the Bugtraq list at insecure.org, the code as it stands is not 100% reliable but the security researchers expect that a “fully-functional reliable exploit will be available in the near future”. And that means exploit code that will enable websites to be infected, and any IE6 and 7 users with JavaScript enabled to be compromised.


More information at IDG:

The code was posted Friday to the Bugtraq mailing list by an unidentified hacker. According to security vendor Symantec, the code does not always work properly, but it could be used to install unauthorized software on a victim's computer.


No fix is available yet, except a download that's called Firefox or Fedora. But Microsoft does not want people to say the "F" word, so it will probably deliver a patch very soon.

To Free software's credit, it rarely waits for attacks to occur before addressing security vulnerabilities.

More on Vista 7 insecurity:



Recent Techrights' Posts

Nonfree Software in My Bank, by Richard Stallman
Updated 8 hours ago
Richard Stallman is Usually Right Because He Thinks "Outside the Box"
he is able to observe society (mores and norms) as somewhat of an outsider
 
This Monday WebProNews Absolutely Flooded the Web With Fake (LLM Slop) 'Articles' About "Linux", Google News Promoted Them as Legitimate
All of the following are fake articles attributed to pseudonyms or authors that don't exist; the images are also slop. Why does Google promote these?
Linuxiac is Not a Slopfarm, But at Least Some of Its Articles Are Machine-Generated Fakes
what we said about it was correct
Expect More Microsoft Layoffs
"Are more job cuts coming?"
Microsoft Behaving Like It's Running Out of Money to Pay Salaries
Does that seem like the behaviour expected from a company which claims it is "worth" trillions?
LWN Downtime Due to Linode, Not LLM Bots
"I’ve received an email letting me know that there is a potential for data loss."
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, July 28, 2025
IRC logs for Monday, July 28, 2025
Links 28/07/2025: Science, Health, and Conflicts
Links for the day
Gemini Links 28/07/2025: Healthy Self-Image With Autism and a "New Life"
Links for the day
Links 28/07/2025: COVID-19 Sped up Brain Aging, "Circumvention is More Popular Than Compliance"
Links for the day
LWN Has Been Down for a Long Time, Another Casualty of LLM Bots?
Time will tell. How much time though?
Slopfarms Versus 'Linux' (and Against People Who Write Real Articles About GNU/Linux)
LLM slop in slopfarms by Brian Fagioli and Redazione RHC
Gemini Links 28/07/2025: Bila Yarrudhanggalangdhuray and Running pkgsrc in a FreeBSD Jail
Links for the day
Microsoft Turns News Sites Into Spamfarms
Is the site The Register MS the next IDG?
The Register MS/The Register US
On Saturday I contacted them for a comment (before issuing criticism)
Hacking revelations at Vatican Jubilee of Digital Missionaries
Reprinted with permission from Daniel Pocock
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, July 27, 2025
IRC logs for Sunday, July 27, 2025
The Week to Come
Planning ahead
LLM Slop Has Only Been a Boon for Misinformation Online
The very same companies that were supposed to maintain quality (again, not limited to Google with PageRank) are now actively participating in generating and spreading slop
When They Tell You It's Free, Does That Mean No Charges (If So, Who's Paying and Why)?
there's "no free lunch"
We're Going to Focus Less on the Molotov Cocktail-Throwing Microsofters and More on Patents
We can get back to focusing on what we wanted to focus on all along
Just Trying to Keep Web Sites Honest (Journalistic Integrity)
the latest articles in LinuxIac are real
Links 27/07/2025: Political Affairs, Data Breaches, Attacks on Freedom of the Press
Links for the day
Gemini Links 27/07/2025: Hot in Japan and Terminal Escape Codes
Links for the day
Links 27/07/2025: More Microsoft Layoffs Coming, Science and Hardware News
Links for the day
Links 27/07/2025: FSF Hackathon and "Hulk Hogan Was a Very Bad Man"
Links for the day
Gemini Links 27/07/2025: DAW Mixer Chains and Simple Software
Links for the day
The Register MS is Inventing or Giving Air Time to New Conspiracy Theories so as to Distort the Narrative As High-Profile Agencies Fall Prey to Microsoft Holes
But the problem is holes, i.e. Microsoft making bad products; the problem is Microsoft
Most Editors at The Register Are American, Including the Editor in Chief, a Decade-Long Microsoft Stenographer (Writing Prose to Sell Microsoft)
It's not easy to tell where the site is based (we tried) because it's hiding behind ClownFlare and CrimeFlare hasn't been well lately
Pushers of systemd Rewrite History (Richard Stallman Said UNIX "Was Portable and Seemed Fairly Clean")
Unlike systemd
"New Techrights" Soon Turns 2 (A Few Days Before the FSF Turns 40)
We have a lot more to say about LLM bots
When Silence Says So Much
Garrett, a 'secure' boot pusher, will need to defend himself in the UK High Court
The Register in Trouble
There is not much that can be done at this point
Trajectory of The Register: From News Site/s Into "B2B"... and Into Microsoft Salespeople
Something isn't right at The Register
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, July 26, 2025
IRC logs for Saturday, July 26, 2025
Misinformation in Social Control Media
Social control media passes around all sorts of tropes
Slopwatch: Fake Linux 'Articles' and Slopfarms With "Linux" in Their Names/Domains
throwing bots at "Linux" to make some fake articles