EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

01.09.10

More Critical Vulnerabilities in Vista 7, Windows Left Unsafe for Another Month

Posted in Microsoft, Security, Vista 7, Windows at 8:09 am by Dr. Roy Schestowitz

Global warming

Summary: Microsoft does not patch serious flaws (it only patches one “critical” flaw, even in Vista 7) and many people are knocked offline as a result of Microsoft negligence

AS Microsoft prepares to patch critical problems in Vista and Vista 7 next week, it seems apparent that:

  1. Microsoft continues to be knowingly negligent when it comes to security (also see [1, 2])
  2. The latest version of Windows is just as vulnerable as predecessors and some experts say it is even more vulnerable

Among the posts which demonstrate the second point:

Here is the latest demonstration of the first point — that Microsoft is being negligent. From The Register:

Microsoft won’t fix vulnerabilities in the latest versions of Internet Explorer or Windows during its regularly scheduled patch release on Tuesday, meaning users will have to wait at least another month to get updates that correct the security risks.

[..]

That may lighten the load on IT admins, but it also means potentially serious vulnerabilities known to affect Internet Explorer 8 and Windows 7 will be allowed to fester for at least another 28 days.

As reported previously by El Reg, the IE 8 bug can enable attacks against people browsing websites that are otherwise safe to view. The flaw can be exploited to introduce XSS, or cross-site scripting, exploits on webpages, allowing attackers to inject malicious content and code. Ironically, it resides in a feature Microsoft added to harden the browser against that very type of attack.

[...]

Also remaining unfixed is a bug that allows an attacker to completely lock up systems running windows 7 and Windows 2008R2. The flaw, which resides in the OSes’ SMB, or server message block, can be triggered remotely by sending malformed traffic that specifies incoming packets that are smaller or larger than they actually are. SMB is a network protocol used to provide shared access to files and printers.

More at IDG:

Microsoft Won’t Fix Windows 7 Crash Bug Next Week

[...]

However, the company acknowledged that it does not yet have a fix for a crippling bug in Windows 7 that went public nearly two months ago.

The expected update will patch a vulnerability rated “critical” — Microsoft ‘s most serious rating in its four-step scoring system — in Windows 2000. The bug also affects Windows XP, Vista and Windows 7, as well as Windows Server 2003, Server 2008 and Server 2008 R2, but is tagged as “low” for those editions.

And more from the British news:

Websense warns on Microsoft rogue AV

Searches redirect to malicious sites

Here again is the latest consequence of having hundreds of millions of Windows zombie PCs out there.

About 30,000 customers of the Cheshire-based ISP Vispa were forced offline for almost 12 hours today by a DDOS attack traced to the Baltic state of Latvia.

That would be a whole day’s work/leisure lost for approximately 30,000 customers (some of whom are entire families). What would the cost of this DDOS attack? Either way, Microsoft UK is profiteering from this (also outside the UK), almost always at the expense of taxpayers (externalities to them).

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. 5 Years Ago the Linux Foundation Turned Linux.com Into a Non-Linux Site

    One can leverage the Internet Archive’s Wayback Machine to better understand how, over time, the Foundation called “Linux” deviated or diverged away from its mission statement for the sole purpose of raising corporate funds and selling influence to corporations (passing the community’s hard work to them — a form of tacit privatisation)



  2. Microsoft Redefining Ownership and Identity of GNU/Linux

    The idea that “Microsoft loves Linux” is as insane as it gets; but the lie which is “Microsoft loves Linux” is a powerful enabler of Microsoft entryism, e.g. if Greg steps down, does a Microsoft employee become the deputy of Linus Torvalds?



  3. Things That Cannot Be Said

    The limits on what we can say are mostly defined by what sources permit us to say publicly (for the sake of source protection)



  4. Fake European Patents (on Algorithms) Leading to Fake Embargoes

    Law firms have gotten their way in Germany; instead of supporting the productive workers the patent system is nowadays promoting the litigation 'industry' and it ought to be corrected



  5. From Moderate Advice to FUD and Misinformation: The Case of a VPN Vulnerability (CVE-2019-14899)

    What should have been a trivial bugfix in a variety of operating systems and bits of software — both proprietary and Free software — somehow became anti-Linux FUD, clickbait and worse



  6. Dangerous Thinker

    Society oughtn't be alarmed by people who say unusual things; it should be wary and sceptical of those corporations ever so eager to silence such people



  7. Unitary Patent (UPC) Died Along With the Credibility of Managing IP and the Rest of the UPC Lobby

    It is pretty astounding that Team UPC (collective term for people who crafted and lobby for this illegal construct) is still telling us lies, even in the absence of underlying supportive facts, and pressure groups disguised as "news sites" latch onto anything to perpetuate an illusion of progress (even in the face of a growing number of major barriers)



  8. IRC Proceedings: Friday, December 06, 2019

    IRC logs for Friday, December 06, 2019



  9. Links 7/12/2019: Fedora 31 Elections Results, Lots of Media Drama Over VPN Bug

    Links for the day



  10. Links 6/12/2019: DRM in GNU/Linux and Sparky Bonsai

    Links for the day



  11. The EPO Rejects Innovation

    The EPO ceased caring about the needs of scientists whose work involves invention; instead, EPO management crafts increasingly lenient guidelines that yield illegal European Patents (not compatible with the EPC) that heavily-besieged EPO judges are unable to stop



  12. Startpage CEO Robert Beens in 'Damage Control' Mode, Trying to Get Startpage Relisted After Selling to a Massive Surveillance Company

    PrivacytoolsIO is being lobbied by the CEO of Startpage to relist Startpage, based on no actual refutations at all



  13. IRC Proceedings: Thursday, December 05, 2019

    IRC logs for Thursday, December 05, 2019



  14. Links 5/12/2019: qBittorrent 4.2.0, Expensive Librem 5 and OpenBSD Bugs

    Links for the day



  15. Microsoft Staff Repeatedly Refuses to Tell How Many People Use WSL, Defends Patent Extortion and Blackmail of Linux Instead

    The people who develop WSL (mostly Microsoft employees) get easily irritated when asked how many people actually use this thing; but more interestingly, however, they reveal their disdain for GNU/Linux and support for Microsoft blackmail (for 'Linux patent tax')



  16. IRC Proceedings: Wednesday, December 04, 2019

    IRC logs for Wednesday, December 04, 2019



  17. Links 4/12/2019: Tails 4.1, UCS 4.4-3 and Proxmox VE 6.1

    Links for the day



  18. Google Tightens Its Noose

    Now it’s official! Google is just a bunch of shareholders looking to appease the Pentagon at all costs



  19. Europeans Still Need to Save the European Patent Office From Those Who Attack Its Patent Quality

    Patent quality is of utmost interest; without it, as we're seeing at the EPO and have already seen at the USPTO for a number of years, legal disputes will arise where neither side wins (only the lawyers win) and small, impoverished inventors or businesses will be forced to settle outside the courts over baseless allegations, often made by parasitic patent trolls (possessing low-quality patents they don't want scrutinised by courts)



  20. We Never Accepted and Will Never Accept Corporate Money

    Corporate money is a unique problem because of its magnitude and the fact that it's impersonal; shareholders can only ever accept its supposed justifications if they're receiving something in return (of proportional worth to the payment/transaction)



  21. IRC Proceedings: Tuesday, December 03, 2019

    IRC logs for Tuesday, December 03, 2019



  22. Links 3/12/2019: elementary OS 5.1 Hera, Plasma 5.17.4, Firefox 71

    Links for the day



  23. Laundering the Reputation of Criminals: That's an Actual Job

    An important reminder that the manufactured, paid-for (media is being bribed) image of Bill Gates is the product of the PR industry he enlisted to distract from his endless crimes



  24. 'Priceless' Tickets to the EPO's Back End and Team UPC

    CIPA's and the EPO's event (later this week) is more of the same; the EPO exists not to serve European businesses but a bunch of law firms and their biggest clients (which usually aren't even European)



  25. IRC Proceedings: Monday, December 02, 2019

    IRC logs for Monday, December 02, 2019



  26. New EPO Leak Shows That the Rumours and Jokes Are Partly True and We Know Who 'Runs the Show'

    Europe’s second-largest institution is so profoundly dysfunctional, a reprehensible kakistocracy of tribalism, money-grabbing career-climbing autocrats and possibly major fraud; today’s leak looks at what motivated and enabled the formation and latest incarnation of “Team Campinos”



  27. Links 2/12/2019: Linux Mint 19.3 Beta, DPL Sam Hartman Talks About SystemD

    Links for the day



  28. What Former Debian Project Leader (Second to the Late Ian Murdock) Thinks About SystemD in Debian GNU/Linux

    Now that Debian is debating and voting on diversity in the technical sense the thoughts of Bruce Perens merit broader audience/reach



  29. Free/Libre Software Will Eventually Become the Norm, 'Open Source' is Just Proprietary Software Trying to 'Buy Time'

    More people are starting to ask questions about Free software while “Open Source” languishes (people can see it’s just a mask for proprietary software); it was a two-decade delaying tactic that’s wearing off (people see GitHub and the OSI/Linux Foundation for what they really are)



  30. IRC Proceedings: Sunday, December 01, 2019

    IRC logs for Sunday, December 01, 2019


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts