
05.31.10

Microsoft Finally Admits Numbers of Vulnerabilities It Reports Are Fake

Posted in Deception, GNU/Linux, Microsoft, Red Hat, Security, Servers, Windows at 6:14 am by Dr. Roy Schestowitz

Microsoft lies

Summary: Mike Reavey, the director of the Microsoft Security Response Center, admits that Microsoft is silently patching vulnerabilities without ever reporting the problem

IT’S official. Microsoft is a liar. Again. Now there is even admission from Microsoft, confirming an issue which we first raised some weeks ago. Whenever Microsoft says it patches x number of flaws with y number of patches/bulletins, Microsoft ought to be assumed to be lying. Microsoft’s silent patching is a subject we have been covering for years and it helps explain why one in two Windows PCs is believed to be a zombie PC, despite Microsoft’s claims that all of its flaws are being addressed. All those fake comparisons against platforms like Red Hat Enterprise Linux (where Microsoft stacks up and aggregates numbers of flaws) can be thrown into the wastebasket. If convincing proof is needed, here it is. Microsoft first tried to spin it (for weeks) and now it gives up and tells the truth.

Microsoft Official Admits to Quiet Security Patching

Microsoft doesn’t report all security vulnerabilities that it fixes in its software. Bug comparisons between vendors therefore paint an incorrect picture.

“We don’t document every issue found,” Mike Reavey, director of the Microsoft Security Response Center (MSRC), said at a meeting with reporters at the company’s corporate headquarters in Redmond, Washington.

Microsoft will issue a Common Vulnerabilities and Exposures (CVE) number to a vulnerability for flaws that share the same severity, have an attack vector and a workaround. If several flaws share all the same properties, they will not be reported separately, Reavey said.

The nondisclosure of fixes was brought to light early this month by a company called Core Security Technologies. After studying the Microsoft patches MS10-024 and MS10-028, it noticed three silent fixes. Security bulletin MS10-028 addressed a flaw that would expose a user of Microsoft Visio to a buffer overflow attack, which would allow an attacker to take over control of the system.

Finally. Thanks for the honesty. So how much damage has been caused by Microsoft’s lies so far? Microsoft has been denying this for years, but not exactly denying, either. It was spinning and avoiding the actual question. It’s the art of lying without practically lying, just evading. Adobe is at least honest about its proprietary software being insecure garbage. As far as we are aware, Adobe doesn’t have a long history of systematic lying, unlike Microsoft.

“Microsoft smacks patch-blocking rootkit second time,” says another new report from Gregg Keizer.

For the second month in a row, Microsoft has tried to eradicate a mutating rootkit that has blocked some Windows users from installing security updates.

Here is another one (also here):

Jerry Bryant, a group manager with the Microsoft Security Response Center (MSRC), said his team is looking into Raskin’s claims, but hinted that Microsoft wouldn’t be patching IE anytime soon. “I wouldn’t classify this as a ‘vulnerability’ though,” Bryant said in an e-mail answer to questions.

The followup says:

Will browser makers patch this? Unlikely. Microsoft’s Jerry Bryant, a general manager at the company’s security response center, said the issue isn’t a security vulnerability per se, and that Internet Explorer (IE) falls for the scam because that’s the way browsers work.

“Working with [Raskin's] proof-of-concept, as written, is expected,” he said in an e-mail Tuesday when asked whether Microsoft had a fix in mind for IE.

Let’s remember how much damage was caused this year because Microsoft had refused to patch known Internet Explorer flaws for five months [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. Where is the liability [1, 2, 3, 4, 5]? Watch what is happening in Denver right now.

Denver officials have asked the FBI, Denver police and Microsoft Corp. to help them identify the person or people who have hacked into the city’s website twice in the past week.

If Microsoft gets involved, then it almost must be a Windows server.

A Single Comment

  1. twitter said,

    June 1, 2010 at 5:52 pm

    Microsoft was cornered in two ways. First, people noticed a “silent patch”. The more fundamental bust, however, is that no one with a clue ever believed the “get the facts” propaganda. Only someone with a financial interest will tell you that Windows and GNU/Linux security are equivalent. Only someone without free software experience will believe them.

    Microsoft will go on telling the same lies. “Get the Facts” was not some kind of subtle spin. It was a direct lie, constructed of fabricated evidence, relentlessly pushed anywhere and everywhere people with computer purchasing power and developers had a discussion. Each point of the lie was refuted almost as many times. Someone might get fired for getting caught and Microsoft will keep telling the world that Windows is the most secure software ever.
