Bonum Certa Men Certa

Windows Users Left Vulnerable Over Christmas, as Usual

Boycott Novell on hand



Summary: Users of IIS on Windows Server are served another blow while they are on vacation; other minor news from the past week

JUST ABOUT every year -- including the previous one -- Microsoft clients are left to be worried about their computers. Statistics suggest that roughly one in two Windows PCs is a zombie PC.



This Christmas is no exception, but the main victim appears to be users of Windows Server with IIS. Microsoft already neglects Windows Server when it comes to security [1, 2, 3] and now comes this (reported on Christmas Day):

"Microsoft IIS vuln leaves users open to remote attack



A researcher has identified a vulnerability in the most recent version of Microsoft's Internet Information Services that allows attackers to execute malicious code on machines running the popular webserver.

The bug stems from the way IIS parses file names with colons or semicolons in them, according to researcher Soroush Dalili. Many web applications are configured to reject uploads that contain executable files, such as active server pages, which often carry the extension ".asp." By appending ";.jpg" or other benign file extensions to a malicious file, attackers can bypass such filters and potentially trick a server into running the malware.


How predictable. This begs for an explanation: why did the US government choose a Microsoft veteran to head security for example?

Howard Schmidt is still being analysed and Bruce Schneier writes:

I head this rumor two days ago, and The New York Times is reporting today.

Reporters are calling me for reactions and opinions, but I just don't know. Schmidt is good, but I don't know if anyone can do well in a job with lots of responsibility but no actual authority. But maybe Obama will imbue the position with authority -- I don't know.


Speaking of this additional Microsoft influence in the United States, Amico has just hired a Microsoft veteran.

Amico Engages Former Intel and Microsoft Software Developer for North American Expansion



[...]

Mr. Glass has over 20 years of experience in software development and has previously provided services for top companies such as British Telecom, Intel, Cisco Systems, Barclays and Microsoft.


Microsoft employees write buggy code. To give an example from several days ago, watch what Xbox is up to:

Microsoft Accidentally Charges $800 for Arcade Game



[...]

In all seriousness, this is certainly just an error on Microsoft's part - someone meant to type in "800 MS Points" (or $10) and ended up pricing the game at 80 times that.


It could be a human error at the input level, but still...

Looking at something a little different now, Motley Fool, a Microsoft fan site for the most part, is worried about the continued decline of Internet Explorer, which represented a form of Microsoft grip on the Web.

StatCounter, an analytics firm, says that Firefox's share of the browser market now stands at 32.06%, up almost seven percentage points from last November. Internet Explorer's share fell more than 12 percentage points over the same period.

[...]

Microsoft investors have reason to worry. This is a war, and it's being fought in the browser. The most functional environment for cloud computing will win this conflict. Going by the trend in the numbers, users increasingly believe that's Firefox.


More information in:



According to some of the latest figures, Microsoft loses share in both Web browsers and Web servers. Security problems are among the catalysts spurring this trend.

Recent Techrights' Posts

Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, July 10, 2026
IRC logs for Friday, July 10, 2026
Links 11/07/2026: Wednesday-Saturday News Catch-up
Links for the day
Prioritising High-Importance News
In order to fully catch up with news we'll not publish many new articles until next week
The Register MS: "AI" More Than 80 Times in One Article. But It's Not an Article, It's Sponsored Keyword-stuffed Page.
The Register MS is being paid to actively promoted this scheme
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, July 09, 2026
IRC logs for Thursday, July 09, 2026
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 08, 2026
IRC logs for Wednesday, July 08, 2026
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, July 07, 2026
IRC logs for Tuesday, July 07, 2026
Links 07/07/2026: Microsoft Cuts Doom "id Software" and Turkey Detains Journalists
Links for the day
Gemini Links 07/07/2026: Old Computer Challenge (OCC) and Hardware Tests
Links for the day
A Break From the Routine
What matters is what whistleblowers keep feeding information to us
SLAPP Censorship - Part 132 Out of 200: When You Cannot Pay a Million Pounds (1,335,520.00 United States Dollar) to Lawyers But Have a Strong Community
Techrights compensates for its fiscal poverty with a wealth of community spirit