Bonum Certa Men Certa
Another Vice President Quits Microsoft: Birger Steen | IRC Proceedings: August 8th, 2010

Microsoft Security Worse Than Ever, All Windows Users Still Vulnerable

Grunge cover



Summary: Code red for Microsoft as just days after an "emergency" patch comes the largest-ever patchset and all versions of Windows still seem to be left open for attackers

LAST WEEK was an emergency week for Windows users [1, 2, 3], all of whom were left vulnerable to hijacking due to Microsoft's incompetence. Here is just one more article about it:

An emergency Windows software update will close a loophole in Microsoft’s operating system that makes it easy for hackers to take control of a computer using shortcuts


Have things truly improved after this emergency patch? Don't bet on it. Microsoft is breaking new records in this Tuesday's security update, which is said to plug 34 holes:

Microsoft will issue 14 security bulletins on Tuesday to plug 34 holes, including eight that are critical, in Windows, Office, Internet Explorer, SQL and Silverlight, the company said on Thursday.


There is a lot more coverage about this [1, 2, 3, 4, 5, 6, 7, 8, 9] as "Microsoft [is] to issue record number of security bulletins next Tuesday" [via].

For those who think that 34 holes is the correct number, think again. Microsoft is patching its software silently and unethically so as to fake numbers that its employees decrease by hiding some of the applied fixes. In other words, Microsoft is knowingly lying and giving fake numbers. Previously we wrote about how Microsoft also spurned researchers who had warned about security flaws in Windows [1, 2, 3]. Microsoft is trying to make up after the Microsoft-Spurned Researcher Collective had been created and "TippingPoint's ZDI sets a 6-month deadline on vendors to encourage faster patching," according to this report. There is more information about it here.

Microsoft's problems are not over and all Windows users continue to be vulnerable to attacks (even after Patch Tuesday) because:

1. Unpatched kernel-level vuln affects all Windows versions

Researchers have identified a kernel-level vulnerability in Windows that allows attackers to gain escalated privileges and may also allow them to remotely execute malicious code. All versions of the Microsoft OS are affected, including the heavily fortified Windows 7.


2. Microsoft probes new Windows kernel bug

3. Unpatched Vulnerability in All Windows Versions Claimed

4. Kernel-level Vulnerabilities Hit All Windows Versions

Microsoft on Friday announced to have launched an investigation into kernel-level vulnerability hitting Windows. As per reports, all versions of the Microsoft OS have been engulfed by the bug, including the heavily fortified Windows 7.


We wrote about this in a previous post. Rather than security improving over time, Microsoft seems to be getting worse and the number of holes is increasing.

Comments

Another Vice President Quits Microsoft: Birger Steen | IRC Proceedings: August 8th, 2010

Recent Techrights' Posts

Microsoft's LinkedIn is Losing Money, Traffic, and Hope; Now It Wants to Sell Its Users' Lifeblood (and Data)
Let this be a reminder of what social control media really is about
Microsoft Lunduke: Freedom of Speech Means Spreading What I Have to Say and Banning People I Disagree With
4Chan is one he aims for and he is siccing 4Chan trolls at people he doesn't like
Richard Stallman Back at the "Rudolf-Diesel" Hörsal "MW 2001" in About 40 Hours
He spoke there before; there's a very high seating capacity there
US Government: 6.1% of Site Visitors Use GNU/Linux
GNU/Linux has a considerable share and it is growing
Why the FSF No Longer Recommends Debian, as Explained by Richard Stallman This Month
some weeks ago
 
In Many Cases and in Many Different Ways, Technology Became Less Durable and Less Reliable Over Time
The "modern" things are more complex. And complexity is a foe or reliability and repair-ability.
Counting Unhatched Eggs Is Not Counting Chickens
Everything here will persist as normal
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, October 19, 2025
IRC logs for Sunday, October 19, 2025
Campaign of FUD Against Framework Laptops and GNU/Linux (Using Microsoft's Attack on Linux, 'Secure Boot')
Ritual Defamation Cult has turned its attention over to Framework
Liberation From 'The Feed'
They rank things based on the editor's choice/ideology (he or she knows the sponsors, hence the masters)
Microsoft's Killing of Vista 10 Seems to Have Resulted in More Articles About GNU/Linux (But Also FUD)
We not only saw a rise in traffic, we also saw a remarkable rise in the number of articles
Today (a Day Before Richard Stallman Talk at TUM) There's a Patent Propaganda Event at TUM
Perhaps an opportunity for Dr. Stallman to rebut this "invention to patent" nonsense/fantasy (conflating monopolies with innovation)
OpenSource or "Open Source" as a Brand is Dying, Let's Get Back to Talking About Software Freedom
Those of us who actually want to reform the industry and put users in control of their systems/devices will recognise that "Open Source" was selling a lie or got-co-opted by liars
19 Years in Numbers: Techrights' Anniversary Countdown and Retrospective
In 2019 we began improving our workflows and, accordingly/predictably, we became a lot more productive
Slop Turns People Off (LLMs Lack Intelligence, They're Just Plagiarism Powerhouses That Fail to Deliver Any Real, Measurable Value)
"More" (or "MOAR") isn't always better
IBM Red Hat Has Re-calibrated or Adjusted to Bubble Economics, False Promises, and Slop/Plagiarism
This won't end well
Fake Numbers, Fake Claims, Fake Economy, and Media Grifters That Prop Up Fraud
Grifters like The Register MS won't be looked upon kindly after the bubble implodes
For Some, the GNU Web Site is Not Accessible This Week
They seem to have gone into some kind of lock-down mode
Symptoms of Upcoming Microsoft Layoffs in XBox
A crashing franchise
Psychiatrist confession: Germanwings crash & Debian toxic culture recognized before suicides
Reprinted with permission from Daniel Pocock
Gemini Links 19/10/2025: Scentjacking 101, Slop Hype Boosters, and Steam Next Fest
Links for the day
Slopwatch: The Serial Slopper, LinuxSecurity, and Google News
Let's hope slopfarms die as soon as possible
Links 19/10/2025: Cambodia Scam Centres, Slop Hurting Wikipedia Traffic
Links for the day
As Economies Crumble Free as in Beer Will Matter, Not Just Free as in Freedom/Libre (Libertad)
French regions choosing to embrace Software Freedom
25 Years Ago, an Explanation of How Reducing Free Software to 'Apps' Would Interfere With Freedom Goals
there's nothing unreasonable about it
A List of 63 Known Gemini Clients (Software to Browse Geminispace Content With Gemini Protocol)
Not counting browser plugins for Web browsers
Gemini Links 19/10/2025: "Firma Odin Is Transforming" and Bot Attacks While "AFK"
Links for the day
LLM Slop Could Not Rise to Prominence Without Media Complicity and Artificial Hype
Inane garbage disguised as "journalism"
All the Latest Half Dozen Articles by Mehedi Hasan (UbuntuPIT) Only Admit at the End That He's Using LLM Slop
Disclosure is OK, but the practice of using slop is not
The 'Modern' Web of Fake Security and Easy Censorship of Whole Domains
Each year it gets worse
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, October 18, 2025
IRC logs for Saturday, October 18, 2025
The Term "AI" is Not New and What Today's Media Calls "AI" Isn't Even AI
Only the hype was new... and totally artificial
Gemini Links 18/10/2025: "Planetary Rings", Steam, and PSU Replacement
Links for the day
Defeating LLM Abuse (State-of-the-Art Plagiarism) in the Area of Linux and GNU, Free Software, BSD, Security and So On
The aim is to get them to stop using LLMs to rip off other people's work
Links 18/10/2025: Russell Vought in Charge, US Government Leans to Russia Again
Links for the day
Credit Where It's Due: LinuxConfig.org Quit Doing LLM Slop, Back to Original and Real Articles
We waited for a while to say this, now it seems conclusive
Of Note: UbuntuPIT Aware of Critics of Slop, Adds Disclosure of Use of LLMs
We appreciate the honesty
Links 18/10/2025: Madagascar's President Flees and ICE Arrests Protest Comedian Robby Roadsteamer
Links for the day
Richard Stallman Near the European Patent Office (EPO) in 3 Days From Now
It'll be a good opportunity for patent examiners to listen, ask questions, and maybe greet him in person
From Scholar to Booster of Slop (and Even Slop in His Own Blog)
We're going to keep an eye on future posts of his
End of Vista 10 Also Good News for the BSDs
There are many news sites that recommend trying GNU/Linux this month
What's Wrong With Liking Parrots or Birds as Pets?
They'd demonise people for speaking about freedom, no matter what they say or do
Digital Sanitation Good Practices
leave behind Microsoftism
10 Days Ago Richard Stallman Gave a Long Interview in French (linuxfr.org)
English translation
Science, Not Fast Food/Junk Food
The commercial exploitation of users won't stop until users exercise full control over their software or - more broadly - their computing (including data)
The Free Software Foundation, Which Has Appointed a 43-Year-Old President, is Looking to Add Another Board Member (or Treasurer)
expect the FSF to add more people
Richard Stallman Confirms Next Week's Talk at Technical University of Munich, We Urge EPO Staff to Attend
That's probably late enough for EPO staff to attend after work
Gemini Links 18/10/2025: Notifications and Geminaut
Links for the day
Many Red Hat People Are Leaving, But It'll Be Framed Publicly as Leaving IBM
Similarly, IBM layoffs (or "RAs" as they're called) include Red Hat layoffs
Expect More Waves of Microsoft Layoffs This Month (at Least Two Rounds Confirmed Already)
From what we can gather, assuming the recent rumours about XBox are true, there will be at least 3 waves of Microsoft layoffs this month alone
Security Issues in Cisco and Jenkins Passed Off as "Linux" Problems
Fear, Uncertainty, Doubt (FUD) tactics
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, October 17, 2025
IRC logs for Friday, October 17, 2025