

Microsoft Finally Admits Numbers of Vulnerabilities It Reports Are Fake

Posted in Deception, GNU/Linux, Microsoft, Red Hat, Security, Servers, Windows at 6:14 am by Dr. Roy Schestowitz


Summary: Mike Reavey, the director of the Microsoft Security Response Center, admits that Microsoft is silently patching vulnerabilities without ever reporting the problem

It’s official. Microsoft is a liar. Again. Now there is even admission from Microsoft, confirming an issue which we first raised some weeks ago. Whenever Microsoft says it patches x number of flaws with y number of patches/bulletins, Microsoft ought to be assumed to be lying. Microsoft’s silent patching is a subject we have been covering for years and it helps explain why one in two Windows PCs is believed to be a zombie PC, despite Microsoft’s claims that all of its flaws are being addressed. All those fake comparisons against platforms like Red Hat Enterprise Linux (where Microsoft stacks up and aggregates numbers of flaws) can be thrown into the wastebasket. If convincing proof is needed, here it is. Microsoft first tried to spin it (for weeks) and now it gives up and tells the truth.

Microsoft Official Admits to Quiet Security Patching

Microsoft doesn’t report all security vulnerabilities that it fixes in its software. Bug comparisons between vendors therefore paint an incorrect picture.

“We don’t document every issue found,” Mike Reavey, director of the Microsoft Security Response Center (MSRC), said at a meeting with reporters at the company’s corporate headquarters in Redmond, Washington.

Microsoft will issue a Common Vulnerabilities and Exposures (CVE) number to a vulnerability for flaws that share the same severity, have an attack vector and a workaround. If several flaws share all the same properties, they will not be reported separately, Reavey said.

The nondisclosure of fixes was brought to light early this month by a company called Core Security Technologies. After studying the Microsoft patches MS10-024 and MS10-028, it noticed three silent fixes. Security bulletin MS10-028 addressed a flaw that would expose a user of Microsoft Visio to a buffer overflow attack, which would allow an attacker to take over control of the system.

Finally. Thanks for the honesty. So how much damage has been caused by Microsoft’s lies so far? Microsoft has been denying this for years, but not exactly denying, either. It was spinning and avoiding the actual question. It’s the art of lying without practically lying, just evading. Adobe is at least honest about its proprietary software being insecure garbage. As far as we are aware, Adobe does not have a long history of systematic lying, unlike Microsoft.

“Microsoft smacks patch-blocking rootkit second time,” says another new report from Gregg Keizer.

For the second month in a row, Microsoft has tried to eradicate a mutating rootkit that has blocked some Windows users from installing security updates.

Here is another one (also here):

Jerry Bryant, a group manager with the Microsoft Security Response Center (MSRC), said his team is looking into Raskin’s claims, but hinted that Microsoft wouldn’t be patching IE anytime soon. “I wouldn’t classify this as a ‘vulnerability’ though,” Bryant said in an e-mail answer to questions.

The followup says:

Will browser makers patch this? Unlikely. Microsoft’s Jerry Bryant, a general manager at the company’s security response center, said the issue isn’t a security vulnerability per se, and that Internet Explorer (IE) falls for the scam because that’s the way browsers work.

“Working with [Raskin's] proof-of-concept, as written, is expected,” he said in an e-mail Tuesday when asked whether Microsoft had a fix in mind for IE.

Let’s remember how much damage was caused this year because Microsoft had refused to patch known Internet Explorer flaws for five months [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. Where is the liability [1, 2, 3, 4, 5]? Watch what is happening in Denver right now.

Denver officials have asked the FBI, Denver police and Microsoft Corp. to help them identify the person or people who have hacked into the city’s website twice in the past week.

If Microsoft gets involved, then it almost must be a Windows server.


A Single Comment

  1. twitter said,

    June 1, 2010 at 5:52 pm


    Microsoft was cornered in two ways. First, people noticed a “silent patch”. The more fundamental bust, however, is that no one with a clue ever believed the “get the facts” propaganda. Only someone with a financial interest will tell you that Windows and GNU/Linux security are equivalent. Only someone without free software experience will believe them.

    Microsoft will go on telling the same lies. “Get the Facts” was not some kind of subtle spin. It was a direct lie, constructed of fabricated evidence, relentlessly pushed anywhere and everywhere people with computer purchasing power and developers had a discussion. Each point of the lie was refuted almost as many times. Someone might get fired for getting caught and Microsoft will keep telling the world that Windows is the most secure software ever.
