05.31.10

Microsoft Finally Admits Numbers of Vulnerabilities It Reports Are Fake

Posted in Deception, GNU/Linux, Microsoft, Red Hat, Security, Servers, Windows at 6:14 am by Dr. Roy Schestowitz

Microsoft lies

Summary: Mike Reavey, the director of the Microsoft Security Response Center, admits that Microsoft is silently patching vulnerabilities without ever reporting the problem

IT’S official. Microsoft is a liar. Again. Now there is even admission from Microsoft, confirming an issue which we first raised some weeks ago. Whenever Microsoft says it patches x number of flaws with y number of patches/bulletins, Microsoft ought to be assumed to be lying. Microsoft’s silent patching is a subject we have been covering for years and it helps explain why one in two Windows PCs is believed to be a zombie PC, despite Microsoft’s claims that all of its flaws are being addressed. All those fake comparisons against platforms like Red Hat Enterprise Linux (where Microsoft stacks up and aggregates numbers of flaws) can be thrown into the wastebasket. If convincing proof is needed, here it is. Microsoft first tried to spin it (for weeks) and now it gives up and tells the truth.

Microsoft Official Admits to Quiet Security Patching

Microsoft doesn’t report all security vulnerabilities that it fixes in its software. Bug comparisons between vendors therefore paint an incorrect picture.

“We don’t document every issue found,” Mike Reavey, director of the Microsoft Security Response Center (MSRC), said at a meeting with reporters at the company’s corporate headquarters in Redmond, Washington.

Microsoft will issue a Common Vulnerabilities and Exposures (CVE) number to a vulnerability for flaws that share the same severity, have an attack vector and a workaround. If several flaws share all the same properties, they will not be reported separately, Reavey said.

The nondisclosure of fixes was brought to light early this month by a company called Core Security Technologies. After studying the Microsoft patches MS10-024 and MS10-028, it noticed three silent fixes. Security bulletin MS10-028 addressed a flaw that would expose a user of Microsoft Visio to a buffer overflow attack, which would allow an attacker to take over control of the system.

Finally. Thanks for the honesty. So how much damage has been caused by Microsoft’s lies so far. Microsoft has been denying this for years, but not exactly denying, either. It was spinning and avoiding the actual question. It’s the art of lying without practically lying, just evading. Adobe is at least honest about its proprietary software being insecure garbage. As far as we are aware, Adobe hasn’t a long history of systematic lying, unlike Microsoft.

“Microsoft smacks patch-blocking rootkit second time,” says another new report from Gregg Keizer.

For the second month in a row, Microsoft has tried to eradicate a mutating rootkit that has blocked some Windows users from installing security updates.

Here is another one (also here):

Jerry Bryant, a group manager with the Microsoft Security Response Center (MSRC), said his team is looking into Raskin’s claims, but hinted that Microsoft wouldn’t be patching IE anytime soon. “I wouldn’t classify this as a ‘vulnerability’ though,” Bryant said in an e-mail answer to questions.

The followup says:

Will browser makers patch this? Unlikely. Microsoft’s Jerry Bryant, a general manager at the company’s security response center, said the issue isn’t a security vulnerability per se, and that Internet Explorer (IE) falls for the scam because that’s the way browsers work.

“Working with [Raskin's] proof-of-concept, as written, is expected,” he said in an e-mail Tuesday when asked whether Microsoft had a fix in mind for IE.

Let’s remember how much damage was caused this year because Microsoft had refused to patch known Internet Explorer flaws for five months [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. Where is the liability [1, 2, 3, 4, 5]? Watch what it happening in Denver right now.

Denver officials have asked the FBI, Denver police and Microsoft Corp. to help them identify the person or people who have hacked into the city’s website twice in the past week.

If Microsoft gets involved, then it almost must be a Windows server.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. twitter said,

    June 1, 2010 at 5:52 pm

    Gravatar

    Microsoft was cornered in two ways. First, people noticed a “silent patch”. The more fundamental bust, however, is that no one with a clue ever believed the “get the facts” propaganda. Only someone with a financial interest will tell you that Windows and GNU/Linux security are equivalent. Only someone without free software experience will believe them.

    Microsoft will go on telling the same lies. “Get the Facts” was not some kind of subtle spin. It was a direct lie, constructed of fabricated evidence, relentlessly pushed anywhere and everywhere people with computer purchasing power and developers had a discussion. Each point of the lie was refuted almost as many times. Someone might get fired for getting caught and Microsoft will keep telling the world that Windows is the most secure software ever.

What Else is New


  1. Links 25/11/2020: GamerOS and Biden Transition in Motion

    Links for the day



  2. An Orwellian December

    With December around the corner and states tightening the screws on the population (or employers on employees) at least we can look forward to spring



  3. The Non-Technical (or Lesser Technical) Software User That Wants Software Freedom

    Assuming that Free software should care about what users — not only developers — really want (and need) it’s important to understand how they view the current situation (with growing waves of corporate takeover and compromises, even expulsions)



  4. The European Patent Office Should be Run by Patent Examiners (Scientists), Not Politicians

    Europe would be better off (and patent quality much improved) had people with an actual grasp of science and reality were in charge of the EPO, not a money-chasing kakistocracy (which is what we have now)



  5. Member of the EPO's Boards of Appeal Explains Why VICOs (or ViCo/Video Conferences/Virtual 'Hearings') Are Not Suitable for Justice

    It's interesting to hear (or see/read) what people inside the EPO have to say about the "new normal" when they enjoy a certain level of anonymity (to avert retribution)



  6. Open Source Initiative (OSI) Co-founder Bruce Perens: Open Invention Network (OIN) is Protecting the Software Patent System From Reform and OSI Approves Faux 'Open' Licences (Openwashing)

    Richard Stallman was right about the OSI and the fake 'movement' that claims to have 'coined' the term "Open Source" (it wasn't a new term at all; it had been used in another context and the Free software community spoke of things like "Open Hardware" years earlier)



  7. IRC Proceedings: Tuesday, November 24, 2020

    IRC logs for Tuesday, November 24, 2020



  8. Making JavaScript Suck Less

    "Other than that, the first rule of JavaScript is: Do not use JavaScript. But this article is for people who break the first rule."



  9. Microsoft 'Moles' Inside WINE Project? WINE Should Bring Windows Users to GNU/Linux, Not the Other Way Around.

    The press release above (link omitted, it was pinned in several sites) is a cause for concern; after Microsoft infiltrated OSI and the Linux Foundation (both are now GitHub boosters, in effect diverting projects to Microsoft’s proprietary monopoly) it’ll be important to watch this space



  10. Links 25/11/2020: Raspberry Pi 400 With Touchscreens, Animation Framework in GTK/GNOME

    Links for the day



  11. [Meme] Things Will Get Amusing When/If EPO Proceedings Are Cancelled Due to Patent Trolls Suing the Platforms Using Software Patents (Granted by the EPO)

    The management of the EPO is so proud to be granting illegal software patents in Europe; this clear abuse of authority can come back to bite it in the rear



  12. Dr. Bausch Questions the Merits and Claims of EPO Management Regarding ViCo ('Skynet' Virtual 'Courts')

    Few courageous attorneys are willing to speak out about (and against) what EPO management is doing right now, in effect exploiting a public health crisis to override the law, spy on lots of people, outsource legal proceedings to the United States and so on



  13. Links 24/11/2020: Linux 5.9.11, Istio 1.6.14 and LibreOffice 7.1 Beta Released

    Links for the day



  14. Lots of Good News Today

    A quick roundup of news and key developments; most of them are positive and they give us hope



  15. Massive Collective Action Begins at the European Patent Office Today, Demanding Change and Forewarning the Management (Litigation)

    The financial "hoax" at the EPO (taking away money from staff to feed a gambling addiction of managers) needs to stop; staff has begun mass-mailing the management, threatening legal action



  16. EPO Management is Still Distracting From the 'Elephant in the Room' by Corrupting Media and Academia

    Under the EPO's dictatorship the law is being routinely violated; in order for the public to not pay attention or receive mixed messages (resulting in confusion) the EPO is manufacturing so-called 'studies' (which patent offices aren't supposed to do; they should focus on patent-granting while complying with the law)



  17. EPO's Central Staff Committee on Latest Meeting With Office Dictator: “No Meaningful Discussion Could Take Place.”

    Whilst allegedly preparing legal action the staff representatives at the EPO report on the lack of progress after so-called 'dialogues' (merely a false impression of consultation)



  18. Growing Concerns That EPO Staff Has Been Placed Under de Facto House Arrest by an Entirely Unaccountable Office

    "House arrest" is excessive and disproportionate. So says the Central Staff Committee of Europe's second-largest institution (which surprisingly enough the media is failing to properly study and investigate) as it highlights yet more human rights violations.



  19. IRC Proceedings: Monday, November 23, 2020

    IRC logs for Monday, November 23, 2020



  20. Internal Error: Unified Patent Court and Unitary Patent Incompatible With the Constitution and Basic Laws

    The FFII has issued a statement for Members of the Bundestag, Members of the European Parliament, Members of the Council, German Presidency of the EU, Chancellor Merkel, Commissioner Von Der Leyen, Commissioner Reynders, and Battistelli's buddy Breton



  21. The EPO is Using Hype Wave and Buzzword to Promote Illegal Software Patents in a So-Called “Digital Conference”

    The "HEY HI" or "AI" hype is misused by the Office; not just in person but also in webstreams, which basically serve as a vehicle for illegal agenda



  22. Dutch Delegation and German Delegation at the Administrative Council of the EPO Upset at the Office for Secrecy, Working Behind the Scenes to Crush Productive Staff

    Less than halfway through his term at the Office, Battistelli's buddy already faces growing criticism and, according to the Central Staff Committee, he "was emotionally affected by the intervention such that he was not able to effectively reply to the questions of the delegates."



  23. Links 23/11/2020: GNU Guix 1.2.0, Evaluating Precursor’s Hardware Security, Kdenlive 20.08.3, Kodi 19.x Beta, Vulkan 1.2.162

    Links for the day



  24. Links 23/11/2020: Linux 5.10-rc5, GIMP Turns 25, 4MLinux 34.2, Escuelas Linux 6.11, MPV Player 0.33

    Links for the day



  25. How to Put on Airs of Professionalism Like a Boss

    "Boardroom suits are not meant to be flashy, but to conform. Simple lines and smart ties -- the opposite of what Richard Stallman would wear, show that you are either a well-machined cog or a serious adversary."



  26. IRC Proceedings: Sunday, November 22, 2020

    IRC logs for Sunday, November 22, 2020



  27. Legal Action at the European Patent Office (EPO) Leveraged Against Management... for Robbing EPO Staff and Robbing Europe, by Extension

    The EPO is being looted for its value; the staff is rightly concerned and there’s legal action on the way, filed reluctantly as there’s clearly no other option (a last resort/necessary recourse)



  28. Cory Doctorow at Privacy Week 2020 on DRM, Freedom/Software Freedom, Regulation, Etc.

    “We Used To Have Cake, Now We’ve Barely Got Icing” by Cory Doctorow.



  29. Links 22/11/2020: KaOS 2020.11, Calindori 1.3, KStars 3.5.0

    Links for the day



  30. New Position Paper on the Unified Patent Court (UPC) Says It's “Not the Best Solution for Europe” -- Clearly an Understatement

    UPC proponents (profiteers) aren't enjoying support anymore; not only has progress stalled (come to a complete stop) but the whole debate about the UPC (or anything conceptually like it) turned toxic and negative because facts come out, overriding lobbyists of litigation giants


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts