Bonum Certa Men Certa

Security Emergency at Microsoft, All Windows Users Are Vulnerable for Now

Windows users can cut the Internet cable to feel more secure

Cutting



Summary: Every version of Windows is open to attack which has already targeted very many users and no patches are available yet

MICROSOFT HAD MANY security issues last month. We covered many of them over the course of the past fortnight, but here are some newer items and items which we missed.



Some while ago Microsoft discovered a very major zero-day flaw, which made a lot of headlines including this one where Microsoft is shown to be confirming the problem.

Microsoft on Friday warned that attackers are exploiting a critical unpatched Windows vulnerability using infected USB flash drives.


"Microsoft Acknowledges Windows Shell Vulnerability," says another article from around the same time. "Microsoft Warns Of Attacks Exploiting Windows Shell Flaw," alerts CRN. This is an emergency which, according to OpenBytes begs for a vulnerability patch on Monday. For how many consecutive months must such embarrassments happen? Also in the news:



According to this new report, Microsoft's bad patches, which even Microsoft partners are scared to apply, leave many Windows installations unpatched and thus totally vulnerable on a permanent basis. Microsoft pulls support (as in security patches) for older versions of Windows (Windows 2000 and soon Windows Server 2003) and since upgrades are not free when it comes to Windows, more people are expected to have vulnerable machines. To Microsoft, it's just a business decision. When it comes to Windows 2000, Microsoft has neglected it security-wise longer than it's legally allowed.

“When it comes to Windows 2000, Microsoft has neglected it security-wise longer than it's legally allowed.”Microsoft is largely a PR company, so needless to say it has ways of downlplaying the severity of such issues, which may have made one in two Windows PCs a zombie PC (since 2008).

As evidence of Microsoft's PR crusade, look no further than the latest Microsoft Imagine Cup rubbish [1, 2, 3, 4, 5]. It's Microsoft advertising and it's a way of making the monopolist look like it is loved by children. It's an attempt to change the company's image and similar stunts currently come from Microsoft Malaysia. But that's another story for another day. The point we are trying to make here is that no matter how serious Microsoft's security problems are, it will always do lots of PR work to silence reporters. We have documented cases where Microsoft unleashes PR people at journalists (regarding Vista security) and in last month's news we found "Irvine PR firm honored for work related to Microsoft patches". Watch the body of this article:

Madison Alexander was honored for the agency's work on behalf of its client, Shavlik Technologies. By consistently positioning Shavlik as an expert on Patch Tuesdays – when Microsoft Corp. releases software security updates once a month on a Tuesday – the firm delivered "prominent references" to Shavlik in media coverage of Patch Tuesdays, according a statement from Madison Alexander.


Juniper, which is run by several Microsoft executives, seem to be trying something similar with occasional press releases that are consistent with the same template.

“Microsoft's security problems are not helped by disgruntled groups whom Microsoft is pushing to behave as they do”This just shows how 'independent' the press really is and why. It's all distorted by PR, but the PR happens behind the scenes (the back end, so to speak). "atom42 Tops Agency Leaderboard in Microsoft Competition," says the headline of this new press release. "In a recent competition run by Microsoft to promote recently improved ‘decision engine’ Bing, online marketing agency atom42 outperformed larger rivals to win ‘blingin’ prizes." Awww... wonderful!

Microsoft's security problems are not helped by disgruntled groups whom Microsoft is pushing to behave as they do [1, 2]. It is only making things worse because they take revenge and put all Windows users at risk. This is where Microsoft's attitudinal problem (arrogance and power games [1, 2, 3]) contributes to lack of security in its products. Some security experts are even leaving Microsoft. New example:

Security researcher and former Microsoft gadfly Marc Maiffret has returned to the company he started when he was a teenager, eEye Digital Security.


Until Microsoft's emergency security patch arrives everyone who uses Windows is at risk of being assembled into a botnet, "Experts predict extensive attacks of Windows zero-day," says this report, noting that "Security organizations... raised Internet threat levels to warn users that they expect widespread attacks using exploits of a just-acknowledged critical bug in all versions of Windows."

That's right, all versions are affected, Vista 7 included. A while ago Microsoft said that 25,000 PCs were attacked with the latest Windows zero-day flaw (the number is now higher) and it investigated issues it could prevent by simply changing its internal culture.

"Fuck! It took you a year to figure that out!"

--Bill Gates



"That’s the dumbest fucking idea I’ve heard since I’ve been at Microsoft."

--Bill Gates



Recent Techrights' Posts

Why We Support Richard Stallman and You Probably Should Too
It's not about being "Richard Stallman fan", it is about maintaining the right to hold positions (on technology) like his
Some Large German Media Covers Richard Stallman's Talks in Germany Earlier This Week
LLM-based chatbots are just "bullshit generators" (as he has long called them)
Trouble in Red Hat/IBM and a Retreat to Ponzi Economics in Search of Wall Street Market Heist
Would you invest your life savings in this kind of crap?
Who Asked Software in the Public Interest (SPI) for a Refund? ($100,000, Resulting in Losses of $267,201 in 12 Months, Highest-Ever Losses)
The IRS does not reveal who or what's tied to this refund (or the cause/reason)
 
Slopwatch: Google News and Slopfarms That Relay Nonsense From LLMs
Google News, which once prioritised or used to care about provenance and quality, is feeding slopfarms
Links 23/10/2025: More Health Concerns Over Dumb Chatbots (LLMs) and "Talking Cars" as Latest Buzz
Links for the day
Gemini Links 23/10/2025: Daylight Savings Time and Duration Shorthand
Links for the day
Links 23/10/2025: LLM 'Hallucinations' (Defects) in Practical Code 'Generation', China Becomes More Economically and Technologically Independent
Links for the day
Linux Foundation Uses LLM Slop to Promote Microsoft in Linux.com (Again), Rendering It a Linux-Hostile Slopfarm
Openwashing with slop by "Linux.com Editorial Staff", which basically seems to be a bot
Links 23/10/2025: Windows TCO Galore and "The Internet Is Going to Break Again"
Links for the day
Social engineering attack: Debian voted to trick you on binary blobs
Reprinted with permission from Daniel Pocock
Techrights Will Always Stand for Women's Rights
We even invest money - personal savings that it - in our principles
Certified Lawyers Should Know Better (Than to Intimidate Us With Man Who Drives on Motorcycle Through a Really Bad Storm Between Distant Cities, Then Collects Photos of Our Home)
Mentioning someone was in prison for bad things isn't a crime, it's a public service
The "AI" (Slop) Bubble is Already Imploding
"ChatGPT Usage Has Peaked and Is Now Declining, New Data Finds"
The So-called "Sexy" Buckets (AI, Quantum) Cannot Save IBM From Reality, Shares Tank
"No matter how much financial hocus-pocus they use to reclassify revenues to land in the "sexy" buckets (AI, Quantum), it still smells old and musty - just like this company."
Paul Krugman is Wrong About the Scope of Mass Layoffs in the United States
A few years ago society was accelerating its journey towards feudalism, boosted by COVID-19
Links 23/10/2025: Proprietary Blunders and CISA's Latest Disclosure of Holes
Links for the day
Gemini Links 23/10/2025: Fast Past (F1), 99.9% Uptime
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, October 22, 2025
IRC logs for Wednesday, October 22, 2025
Slopwatch: Google News is Promoting Fake 'Articles' About Fake Xubuntu, Fake Articles About Replacing Windows With GNU/Linux
The quality of the Web deteriorates and unless someone cleans up the mess, real sites will lose an incentive to produce anything
When "AI Layoffs" Mean Layoffs Due to the "AI" Bubble Popping
many people that are laid off by Microsoft claim to be specialists in "AI"
Mysterious grant forfeited, $100,000 from Software in the Public Interest accounts 2023
Reprinted with permission from Daniel Pocock
Evidence: bullying, student union behaviour: Armijn Hemel's FSFE resignation
Reprinted with permission from Daniel Pocock
Evidence: psychological abuse, stalking, Galia Mancheva, Susanne Eiswirt ignored by FSFE judgment for Matthias Kirschner
Reprinted with permission from Daniel Pocock
Helping FSFE scam victims and conference organisers
Reprinted with permission from Daniel Pocock
Nigerian fraud in FSFE constitution
Reprinted with permission from Daniel Pocock
Worrying and Amusing Stories of "Clown Computing" Gone Awry
Many of these disasters could be avoided
Links 22/10/2025: Amazon Plans to Replace Workers With Robotics, AWS and Clown Computing in General Ridiculed
Links for the day
Gemini Links 22/10/2025: Niri Completely Changes Multitasking and Overview of Diff-ers
Links for the day
Links 22/10/2025: Study on Misinformation by Slop and Heavily Debt-Sabbled Microsoft OpenAI (ClosedSlop) Uses "Browser" as Gimmick/Distraction
Links for the day
They've Already Spent Close to a Million Dollars on Lawyers and Sent Us About 50 KG of Legal Papers (Sponsored by Mysterious Third Party) to Try to Censor Techrights, Without Success
They try to overcompensate with sheer volume for a lack of solid, clear arguments (we are the victims here)
12 Months Ago the 'Hulk Hogan of UEFI' Officially Went 'Tag-Team'
We're actually sort of flattered or proud that such despicable people are so desperate to censor us
"Cloud Computing" Was Always a Joke, But This Week Was the Punchline
Maybe stop following tech trends and fashions
"Cloud Computing" Does Not Mean Safety
Fault tolerance is related to the notion of software freedom
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, October 21, 2025
IRC logs for Tuesday, October 21, 2025
The Fall of Windows: From Something to Nothing
Of course Microsoft will pretend everything is fine and "just trust the hey hi" (AI)
Sounds Like Fedora is Ready to Become Less of a Slave of Microsoft (GitHub)
This seems like a belated move in a positive direction
XBox is a Dead Microsoft Product in a Dying Industry
It's probable that another wave of XBox layoffs is just over the horizon (maybe even before month's end)
Progress on Techrights Site Search
Fun times
IBM's Bluewashing of Red Hat Means the Layoffs Are Silent, Barely Reported
Don't wait to hear about "Red Hat layoffs"
Gemini Links 21/10/2025: Happy Disconnection, AWS Falling Apart, Closing of Gemlog Blue
Links for the day
Full Audio of Today's Richard Stallman Talk in the Technical University of Munich
Free/Libre software and freedom in the digital society
Microsoft XBox is Just Vapourware (Promises of Hardware That Doesn't Exist), Real Products Perish
just as developers lose interest in developing for XBox Microsoft is increasing the costs imposed upon them
Slopwatch: Fake Articles (Slop) in "Linux" Clothing in Google News (Noise)
all about what Google does
Links 21/10/2025: Even "Inventor of Vibe Coding" Rejects Vibe Coding, USPTO Experiments With Slop in Examination
Links for the day
Richard Stallman Talk Now Available for Viewing (Archived Copy, Not Live-streamed)
This recording is over 2 hours old
Links 21/10/2025: AWS-Induced Chaos and Social Control Media Curbs
Links for the day
Gemini Links 21/10/2025: Programming, StarGrid, Brand-New Palm OS Strategy Game in 2025, and Chatbot as Addiction Mechanisms
Links for the day
The African Lion and the American Cowards
Safaris exist for people to watch and enjoy animals
Amazon Web Shenanigans Perfectly Timed for Today's Talk by Richard Stallman
Maybe listen to him instead of looking for excuses to ridicule the messenger
Mission:Libre Has Taken Off (Project by Carmen Maris)
there will be a lot more to report on next month (after the event)
Techrights to Publish More EPO Leaks Next Week
We're meanwhile also doing lots of work on search, whose interface now looks better
Links 21/10/2025: 'The Lost Art' of Neon Signs and Twitter (X) to Enable Identity Theft (or Handle Theft) as a Service
Links for the day
Plagiarism With LLM Slop: Hindustan Times (HT Digital Streams Limited) Has Become a Slop Factory/Hub
What a disgrace
A radical proposal to keep your personal data safe, by Richard Stallman
"The surveillance imposed on us today is worse than in the Soviet Union. We need laws to stop this data being collected in the first place"
Next Week We Launch Search at Techrights
We're planning to launch it some time next week. Maybe Tuesday, maybe Thursday.
Talk by Richard Stallman Will be Live-streamed in Less Than 10 Hours
Happy hacking
"No Kings" in the Software World (GAFAM Should Not Exist, Either)
"No Kings" is a good slogan. Let's start by ridding ourselves of masters, not only those who reside in DC or visit DC
Every Morning
Bugs/edge cases combined with automation can spell disaster
Insane, Deliberately Dishonest, or Just Another Bigot?
very intellectually-dishonest human being
A Lot of Techrights is Built on Perl
Perl also runs the sister site
The Register MS Selling Slop for Microsoft (Vapourware, Ponzi Scheme, False Claims)
What will be left of The Register MS if it keeps repeating falsehoods and looking to profit from Ponzi schemes?
analytics.usa.gov Says Less Than 14% of Web Requests (to Government Sites) Come From Vista 11
Vista 11 was released more than 4 years ago!
People Who Attempt to Take Down Correct Information Need a Doctor a Day
“Journalism is printing something that someone does not want printed. Everything else is public relations.” ― George Orwell
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, October 20, 2025
IRC logs for Monday, October 20, 2025
Vista 11 is Sinking While Microsoft is PIPing (Mass Layoffs But Silent Layoffs)
We're witnessing a shift in platform dominance
Richard Stallman is Having a Good Week Already (Stallman Was Right About 'Clown Computing')
That alone is worth bringing up in his talk
An Update About Soylent News, With Jan Rinok "Back in the Saddle"
Burnout or "near burnout" a possibility when having to curate abuse
When Prominent GNU/Linux Distros Are Run by Spies
What has Microsoft Canonical become?
More Publishers and Companies Nowadays Say "GNU/Linux", Not "Linux"
It's not to see InstallAware saying GNU/Linux this week