EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

05.31.10

Microsoft Finally Admits Numbers of Vulnerabilities It Reports Are Fake

Posted in Deception, GNU/Linux, Microsoft, Red Hat, Security, Servers, Windows at 6:14 am by Dr. Roy Schestowitz

Microsoft lies

Summary: Mike Reavey, the director of the Microsoft Security Response Center, admits that Microsoft is silently patching vulnerabilities without ever reporting the problem

IT’S official. Microsoft is a liar. Again. Now there is even admission from Microsoft, confirming an issue which we first raised some weeks ago. Whenever Microsoft says it patches x number of flaws with y number of patches/bulletins, Microsoft ought to be assumed to be lying. Microsoft’s silent patching is a subject we have been covering for years and it helps explain why one in two Windows PCs is believed to be a zombie PC, despite Microsoft’s claims that all of its flaws are being addressed. All those fake comparisons against platforms like Red Hat Enterprise Linux (where Microsoft stacks up and aggregates numbers of flaws) can be thrown into the wastebasket. If convincing proof is needed, here it is. Microsoft first tried to spin it (for weeks) and now it gives up and tells the truth.

Microsoft Official Admits to Quiet Security Patching

Microsoft doesn’t report all security vulnerabilities that it fixes in its software. Bug comparisons between vendors therefore paint an incorrect picture.

“We don’t document every issue found,” Mike Reavey, director of the Microsoft Security Response Center (MSRC), said at a meeting with reporters at the company’s corporate headquarters in Redmond, Washington.

Microsoft will issue a Common Vulnerabilities and Exposures (CVE) number to a vulnerability for flaws that share the same severity, have an attack vector and a workaround. If several flaws share all the same properties, they will not be reported separately, Reavey said.

The nondisclosure of fixes was brought to light early this month by a company called Core Security Technologies. After studying the Microsoft patches MS10-024 and MS10-028, it noticed three silent fixes. Security bulletin MS10-028 addressed a flaw that would expose a user of Microsoft Visio to a buffer overflow attack, which would allow an attacker to take over control of the system.

Finally. Thanks for the honesty. So how much damage has been caused by Microsoft’s lies so far. Microsoft has been denying this for years, but not exactly denying, either. It was spinning and avoiding the actual question. It’s the art of lying without practically lying, just evading. Adobe is at least honest about its proprietary software being insecure garbage. As far as we are aware, Adobe hasn’t a long history of systematic lying, unlike Microsoft.

“Microsoft smacks patch-blocking rootkit second time,” says another new report from Gregg Keizer.

For the second month in a row, Microsoft has tried to eradicate a mutating rootkit that has blocked some Windows users from installing security updates.

Here is another one (also here):

Jerry Bryant, a group manager with the Microsoft Security Response Center (MSRC), said his team is looking into Raskin’s claims, but hinted that Microsoft wouldn’t be patching IE anytime soon. “I wouldn’t classify this as a ‘vulnerability’ though,” Bryant said in an e-mail answer to questions.

The followup says:

Will browser makers patch this? Unlikely. Microsoft’s Jerry Bryant, a general manager at the company’s security response center, said the issue isn’t a security vulnerability per se, and that Internet Explorer (IE) falls for the scam because that’s the way browsers work.

“Working with [Raskin's] proof-of-concept, as written, is expected,” he said in an e-mail Tuesday when asked whether Microsoft had a fix in mind for IE.

Let’s remember how much damage was caused this year because Microsoft had refused to patch known Internet Explorer flaws for five months [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. Where is the liability [1, 2, 3, 4, 5]? Watch what it happening in Denver right now.

Denver officials have asked the FBI, Denver police and Microsoft Corp. to help them identify the person or people who have hacked into the city’s website twice in the past week.

If Microsoft gets involved, then it almost must be a Windows server.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email
  • Google Bookmarks

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. twitter said,

    June 1, 2010 at 5:52 pm

    Gravatar

    Microsoft was cornered in two ways. First, people noticed a “silent patch”. The more fundamental bust, however, is that no one with a clue ever believed the “get the facts” propaganda. Only someone with a financial interest will tell you that Windows and GNU/Linux security are equivalent. Only someone without free software experience will believe them.

    Microsoft will go on telling the same lies. “Get the Facts” was not some kind of subtle spin. It was a direct lie, constructed of fabricated evidence, relentlessly pushed anywhere and everywhere people with computer purchasing power and developers had a discussion. Each point of the lie was refuted almost as many times. Someone might get fired for getting caught and Microsoft will keep telling the world that Windows is the most secure software ever.

What Else is New


  1. Politically Correct Tech

    This new video entitled “Politically Correct Tech” covers a topic we’ve spoken a great deal about



  2. [Humour/Meme] High on Production, Stoned on Pseudoscience

    All-time high ‘production’ levels at the European Patent Office (EPO) do not mean what they want people to think and what they try hard to hide



  3. Missing From EPO Management: Actual Scientists

    Political figures and opportunists with connections occupy top positions at top European agencies; this assures self-destructive policies that diminish progress and cushion corruption



  4. All Software Should Come With a Cheat Mode

    Cheat modes are useful for developers because they enable debugging, and are sometimes called "Debug mode"



  5. Linus Torvalds Checks If It's Still Inclusive Enough to 'Bash' Bad Technology (of the Company Whose TPM Pusher Has Just Successfully Pushed to Remove Many Words)

    In the age of endless control of language (e.g. large corporations pushing for "inclusive" language whilst earning billions from bombing of 'inferior' countries) we see that it is still possible to condemn corporations on technical grounds (at least if you’re Linus Torvalds)



  6. Even Before Microsoft Paid ('Joined') the Linux Foundation Jim Zemlin Had a Preference for Microsofters

    Even years before the Linux Foundation was receiving money from Microsoft it had a tendency to hire Microsoft’s people for key positions (a lot of people no longer remember that, but it’s still in the public record; it was Jim Zemlin who approached if not chased Mr. Ramji to offer him the job and the colleagues saw no problem with that)



  7. IRC Proceedings: Saturday, July 11, 2020

    IRC logs for Saturday, July 11, 2020



  8. Links 12/7/2020: KDE Plasma 5.20 Preview and Elive 3.8.14 Beta

    Links for the day



  9. [Humour] The 'Orange One' Does Not Respect Judges Either

    More than two years after taking over the European Patent Office (EPO) António Campinos has done absolutely nothing to restore judicial independence of the Boards of Appeal of the EPO



  10. The Systemd Song

    Speak out about IBM's strategy before we're all using GNU/Linux distros 'barcoded' with systemd



  11. Monopoly (or Vendor Lock-in) is Not Modularity

    IBM cannot totally control the kernel, Linux; IBM's control over GNU/Linux may be worth even more than what it paid for Red Hat as that's the key to overpriced support contracts and the general direction of development (important trends such as file systems and various low-level stacks)



  12. The Internet Archive Doesn't Forget, Whereas the Internet and the Web Forget Very Fast

    World Wide Web history is grossly undervalued and preservation of such history (e.g. by the Wayback Machine) is taken for granted by far too many people; the robber barons of today benefit the most from erosion of collective memory as they get to rewrite the past to suit their present and future interests



  13. Environmentalism and Free Software Can be Viewed as Closely Connected and Help One Another

    Modest lifestyles are an overlapping pattern in the Free software community and green activists; there's room for alliances and collaboration, bettering society by reducing consumption and discouraging voyeurism



  14. Free (as in Freedom) Software + Social Control Media ≠ Free Speech

    Speaking through middlemen and private platforms is bad enough (that gives others unjust power over speech); to claim that because the underlying platform is free/libre software it therefore becomes a non-issue is also dishonest



  15. António Campinos: President or Quasi-Autocratic Corporate Puppet?

    The culture of oppression — and censorship of evidence of oppression — is what today’s EPO is all about; the EPO learned how to better avoid (or block) negative publicity without actually changing its ways; and due to unprecedented speech restrictions you won’t hear that from SUEPO



  16. The Media Continues to Ignore Corruption of António Campinos

    António Campinos has Croatian scandals on his lap; the obedient media, however, refuses to even talk about it (or uses COVID as an excuse to write nothing on the subject, as some journalists have told us)



  17. A Call for Patent Sanity

    The public's call for reform is motivated by improved understanding of today's debased patent system and how out-of-order (detached from its original mission statement) it has gotten; patent maximalism, if it does not completely unravel this whole system, severely discredits it



  18. Declassified US Army Field Manuals Explain Microsoft's Public Relations Strategy (Similar to Selling Imperialism to the Occupied)

    The misuse of public broadcast to brainwash the public is well understood and thoroughly exploited by both Microsoft and the Gates Foundation (which sells this ridiculous lie that the world’s richest people speak for and fight for the poorest, i.e. those impoverished by endless greed)



  19. IRC Proceedings: Friday, July 10, 2020

    IRC logs for Friday, July 10, 2020



  20. Links 11/7/2020: Slackel 7.3 Openbox, Kiwi TCMS 8.5, Librem 5 Dogwood Update 3

    Links for the day



  21. Education Without Free Software is Training or Indoctrination

    Kids need to decide for themselves what they want to do and what they wish to use when they grow up; schools need to provide general tools and the mental capacity to make good decisions (rather than make these decisions for the kids, sometimes at the behest of foreign monopolists)



  22. Links 10/7/2020: Wayland-Info, diffoscope 151 and Tor 0.4.4.2-alpha

    Links for the day



  23. European FRAND (Related to SEP) Proponent and Famed Programmer Comes to Realise That It's Actually a “Scam”

    Even people who have long promoted the practice of mandatory "licensing" (in effect patent tax one is unable to work around) are apparently changing their minds and their tune



  24. Not Even a Single Corporate Journalist Has Written Anything About These Very Important Bits of News (Updated)

    Constant propaganda from patent maximalists has long infested the media, which is sometimes controlled and even bribed to set the tone and the agenda; important developments are being tucked away and require very deep digging for ordinary citizens to find



  25. IRC Proceedings: Thursday, July 09, 2020

    IRC logs for Thursday, July 09, 2020



  26. Racism in Technology (and Who Typically Lectures Us About the Subject)

    Racism is a real problem; some approaches to tackling racism, however, can also be problematic and those who take the lead 'on behalf' of victims tend to be opportunistic and privileged few (piggybacking others' grievances to further advance their financial agenda)



  27. Links 10/7/2020: Debian 8 Long Term Support EOL, Mobian Project, Mesa 20.1.3

    Links for the day



  28. [Humour] COVID-19 is Very, Very Afraid of Human Beings Making More Monopolies Instead of Fighting Together

    The European Patent Office (EPO) to the rescue! Fighting a dangerous pandemic one profitable monopoly at a time!



  29. The News is Never 'Slow', It's Just Journalism That's Slowing Down (and Investigative Journalism Coming Under Attack)

    A mix of censorship and subtle mind control contribute to misinformed societies that shape their perception or misunderstanding of the world based on false measures of authority (where money can determine what is true and what is untrue); many topics remain completely untouched, leading to apathy in a vacuum; it's very much applicable to international organisations, which are presumed benign by virtue of being multi-national or supranational



  30. Social Control Media is About Social Control and If It Doesn't Ban You It'll Shut Down Everyone's Account (One Day)

    It’s time to leave the ‘Internet rot’ which is social control media well behind us; blogging and RSS/XML may seem like a thing of the past, but they may as well become the future (again; if we make the correct and informed choices)


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts