
05.31.10

Microsoft Finally Admits Numbers of Vulnerabilities It Reports Are Fake

Posted in Deception, GNU/Linux, Microsoft, Red Hat, Security, Servers, Windows at 6:14 am by Dr. Roy Schestowitz

Microsoft lies

Summary: Mike Reavey, the director of the Microsoft Security Response Center, admits that Microsoft is silently patching vulnerabilities without ever reporting the problem

IT’S official. Microsoft is a liar. Again. Now there is even admission from Microsoft, confirming an issue which we first raised some weeks ago. Whenever Microsoft says it patches x number of flaws with y number of patches/bulletins, Microsoft ought to be assumed to be lying. Microsoft’s silent patching is a subject we have been covering for years and it helps explain why one in two Windows PCs is believed to be a zombie PC, despite Microsoft’s claims that all of its flaws are being addressed. All those fake comparisons against platforms like Red Hat Enterprise Linux (where Microsoft stacks up and aggregates numbers of flaws) can be thrown into the wastebasket. If convincing proof is needed, here it is. Microsoft first tried to spin it (for weeks) and now it gives up and tells the truth.

Microsoft Official Admits to Quiet Security Patching

Microsoft doesn’t report all security vulnerabilities that it fixes in its software. Bug comparisons between vendors therefore paint an incorrect picture.

“We don’t document every issue found,” Mike Reavey, director of the Microsoft Security Response Center (MSRC), said at a meeting with reporters at the company’s corporate headquarters in Redmond, Washington.

Microsoft will issue a Common Vulnerabilities and Exposures (CVE) number to a vulnerability for flaws that share the same severity, have an attack vector and a workaround. If several flaws share all the same properties, they will not be reported separately, Reavey said.

The nondisclosure of fixes was brought to light early this month by a company called Core Security Technologies. After studying the Microsoft patches MS10-024 and MS10-028, it noticed three silent fixes. Security bulletin MS10-028 addressed a flaw that would expose a user of Microsoft Visio to a buffer overflow attack, which would allow an attacker to take over control of the system.

Finally. Thanks for the honesty. So how much damage has been caused by Microsoft’s lies so far? Microsoft has been denying this for years, but not exactly denying, either. It was spinning and avoiding the actual question. It’s the art of lying without technically lying, just evading. Adobe is at least honest about its proprietary software being insecure garbage. As far as we are aware, Adobe does not have a long history of systematic lying, unlike Microsoft.

“Microsoft smacks patch-blocking rootkit second time,” says another new report from Gregg Keizer.

For the second month in a row, Microsoft has tried to eradicate a mutating rootkit that has blocked some Windows users from installing security updates.

Here is another one (also here):

Jerry Bryant, a group manager with the Microsoft Security Response Center (MSRC), said his team is looking into Raskin’s claims, but hinted that Microsoft wouldn’t be patching IE anytime soon. “I wouldn’t classify this as a ‘vulnerability’ though,” Bryant said in an e-mail answer to questions.

The followup says:

Will browser makers patch this? Unlikely. Microsoft’s Jerry Bryant, a general manager at the company’s security response center, said the issue isn’t a security vulnerability per se, and that Internet Explorer (IE) falls for the scam because that’s the way browsers work.

“Working with [Raskin's] proof-of-concept, as written, is expected,” he said in an e-mail Tuesday when asked whether Microsoft had a fix in mind for IE.

Let’s remember how much damage was caused this year because Microsoft had refused to patch known Internet Explorer flaws for five months [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. Where is the liability [1, 2, 3, 4, 5]? Watch what is happening in Denver right now.

Denver officials have asked the FBI, Denver police and Microsoft Corp. to help them identify the person or people who have hacked into the city’s website twice in the past week.

If Microsoft gets involved, then it almost must be a Windows server.


A Single Comment

  1. twitter said,

    June 1, 2010 at 5:52 pm


    Microsoft was cornered in two ways. First, people noticed a “silent patch”. The more fundamental bust, however, is that no one with a clue ever believed the “get the facts” propaganda. Only someone with a financial interest will tell you that Windows and GNU/Linux security are equivalent. Only someone without free software experience will believe them.

    Microsoft will go on telling the same lies. “Get the Facts” was not some kind of subtle spin. It was a direct lie, constructed of fabricated evidence, relentlessly pushed anywhere and everywhere people with computer purchasing power and developers had a discussion. Each point of the lie was refuted almost as many times. Someone might get fired for getting caught and Microsoft will keep telling the world that Windows is the most secure software ever.
