
05.31.10

Microsoft Finally Admits Numbers of Vulnerabilities It Reports Are Fake

Posted in Deception, GNU/Linux, Microsoft, Red Hat, Security, Servers, Windows at 6:14 am by Dr. Roy Schestowitz


Summary: Mike Reavey, the director of the Microsoft Security Response Center, admits that Microsoft is silently patching vulnerabilities without ever reporting the problem

IT’S official. Microsoft is a liar. Again. Now there is even admission from Microsoft, confirming an issue which we first raised some weeks ago. Whenever Microsoft says it patches x number of flaws with y number of patches/bulletins, Microsoft ought to be assumed to be lying. Microsoft’s silent patching is a subject we have been covering for years and it helps explain why one in two Windows PCs is believed to be a zombie PC, despite Microsoft’s claims that all of its flaws are being addressed. All those fake comparisons against platforms like Red Hat Enterprise Linux (where Microsoft stacks up and aggregates numbers of flaws) can be thrown into the wastebasket. If convincing proof is needed, here it is. Microsoft first tried to spin it (for weeks) and now it gives up and tells the truth.

Microsoft Official Admits to Quiet Security Patching

Microsoft doesn’t report all security vulnerabilities that it fixes in its software. Bug comparisons between vendors therefore paint an incorrect picture.

“We don’t document every issue found,” Mike Reavey, director of the Microsoft Security Response Center (MSRC), said at a meeting with reporters at the company’s corporate headquarters in Redmond, Washington.

Microsoft will issue a Common Vulnerabilities and Exposures (CVE) number to a vulnerability for flaws that share the same severity, have an attack vector and a workaround. If several flaws share all the same properties, they will not be reported separately, Reavey said.

The nondisclosure of fixes was brought to light early this month by a company called Core Security Technologies. After studying the Microsoft patches MS10-024 and MS10-028, it noticed three silent fixes. Security bulletin MS10-028 addressed a flaw that would expose a user of Microsoft Visio to a buffer overflow attack, which would allow an attacker to take over control of the system.

Finally. Thanks for the honesty. So how much damage has been caused by Microsoft’s lies so far? Microsoft has been denying this for years, but not exactly denying, either. It was spinning and avoiding the actual question. It’s the art of lying without practically lying, just evading. Adobe is at least honest about its proprietary software being insecure garbage. As far as we are aware, Adobe doesn’t have a long history of systematic lying, unlike Microsoft.

“Microsoft smacks patch-blocking rootkit second time,” says another new report from Gregg Keizer.

For the second month in a row, Microsoft has tried to eradicate a mutating rootkit that has blocked some Windows users from installing security updates.

Here is another one (also here):

Jerry Bryant, a group manager with the Microsoft Security Response Center (MSRC), said his team is looking into Raskin’s claims, but hinted that Microsoft wouldn’t be patching IE anytime soon. “I wouldn’t classify this as a ‘vulnerability’ though,” Bryant said in an e-mail answer to questions.

The followup says:

Will browser makers patch this? Unlikely. Microsoft’s Jerry Bryant, a general manager at the company’s security response center, said the issue isn’t a security vulnerability per se, and that Internet Explorer (IE) falls for the scam because that’s the way browsers work.

“Working with [Raskin's] proof-of-concept, as written, is expected,” he said in an e-mail Tuesday when asked whether Microsoft had a fix in mind for IE.

Let’s remember how much damage was caused this year because Microsoft had refused to patch known Internet Explorer flaws for five months [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. Where is the liability [1, 2, 3, 4, 5]? Watch what is happening in Denver right now.

Denver officials have asked the FBI, Denver police and Microsoft Corp. to help them identify the person or people who have hacked into the city’s website twice in the past week.

If Microsoft gets involved, then it almost must be a Windows server.


A Single Comment

  1. twitter said,

    June 1, 2010 at 5:52 pm


    Microsoft was cornered in two ways. First, people noticed a “silent patch”. The more fundamental bust, however, is that no one with a clue ever believed the “get the facts” propaganda. Only someone with a financial interest will tell you that Windows and GNU/Linux security are equivalent. Only someone without free software experience will believe them.

    Microsoft will go on telling the same lies. “Get the Facts” was not some kind of subtle spin. It was a direct lie, constructed of fabricated evidence, relentlessly pushed anywhere and everywhere people with computer purchasing power and developers had a discussion. Each point of the lie was refuted almost as many times. Someone might get fired for getting caught and Microsoft will keep telling the world that Windows is the most secure software ever.
