11.22.09

Vista 7 Zero-Day Followed by Internet Explorer 7 Zero-Day

Posted in Microsoft, Security, Vista 7, Windows at 9:53 pm by Dr. Roy Schestowitz

Nine O Nine

Summary: Vista 7 is exposed as the naked emperor; Internet Explorer received similar treatment as users are under attack and no remedy is available

OVER the past week and a half we wrote several posts about the illusion of security in Vista 7. Among those posts:

  1. Vista 7 Exploit is Out (Zero-Day Vulnerability)
  2. If Microsoft Cannot be Sued Over Liability, Can it be Sued for Negligence?
  3. Microsoft Won’t Secure Firefox/Chrome Users, Shows More Negligence

Reports about this subject continued to come and only an advisory (not a patch) came from Microsoft. Regarding another serious crack that led to security issues in Vista 7, reports suggest that it “comes as no surprise,” proving yet again that Microsoft does not give a damn about security.

There is now the following serious incident, which leads to incalculable harm. No report seems to say which platform is to blame, but the University of East Anglia is not necessarily a docile Windows shop, not based on its Web site anyway. It actually abandoned Solaris for GNU/Linux when Sun began roaming the streets looking for love. Does anyone know what mail systems are used at the University of East Anglia?

A 61MB ZIP file was posted on a Russian FTP server late last night, local time. It contains over a thousand emails, and around three thousand other items including source code and data files. Emails are peppered with disparaging remarks and a crude cartoon of sceptical scientists is also included in the archive – suggesting the hacker roamed wide across the University’s servers.

More at The Guardian.

A spokesperson for the University of East Anglia said: “We are aware that information from a server used for research information in one area of the university has been made available on public websites. Because of the volume of this information we cannot currently confirm that all this material is genuine. This information has been obtained and published without our permission and we took immediate action to remove the server in question from operation. We are undertaking a thorough internal investigation and have involved the police in this inquiry.”

Regardless of what this “server in question” actually runs, Microsoft is taking a weird approach to security, suggesting/recommending a different architecture (not platform) as a cure for executables that exploit Windows by design, not just by compilation.

Meanwhile we find that users of Internet Explorer 7 (version 6 also) are under attack due to a zero-day flaw. [hat tip: Tony Manco]

According to Symantec, which has quickly tested the exploit code that appeared on the Bugtraq list at insecure.org, the code as it stands is not 100% reliable but the security researchers expect that a “fully-functional reliable exploit will be available in the near future”. And that means exploit code that will enable websites to be infected, and any IE6 and 7 users with JavaScript enabled to be compromised.

More information at IDG:

The code was posted Friday to the Bugtraq mailing list by an unidentified hacker. According to security vendor Symantec, the code does not always work properly, but it could be used to install unauthorized software on a victim’s computer.

No fix is available yet, except a download that’s called Firefox or Fedora. But Microsoft does not want people to say the “F” word, so it will probably deliver a patch very soon.

To Free software’s credit, it rarely waits for attacks to occur before addressing security vulnerabilities.

More on Vista 7 insecurity:
