08.08.10

Gemini version available ♊︎

Microsoft Security Worse Than Ever, All Windows Users Still Vulnerable

Posted in Microsoft, Security, Windows at 6:13 pm by Dr. Roy Schestowitz

Grunge cover

Summary: Code red for Microsoft as just days after an “emergency” patch comes the largest-ever patchset and all versions of Windows still seem to be left open for attackers

LAST WEEK was an emergency week for Windows users [1, 2, 3], all of whom were left vulnerable to hijacking due to Microsoft’s incompetence. Here is just one more article about it:

An emergency Windows software update will close a loophole in Microsoft’s operating system that makes it easy for hackers to take control of a computer using shortcuts

Have things truly improved after this emergency patch? Don’t bet on it. Microsoft is breaking new records in this Tuesday’s security update, which is said to plug 34 holes:

Microsoft will issue 14 security bulletins on Tuesday to plug 34 holes, including eight that are critical, in Windows, Office, Internet Explorer, SQL and Silverlight, the company said on Thursday.

There is a lot more coverage about this [1, 2, 3, 4, 5, 6, 7, 8, 9] as “Microsoft [is] to issue record number of security bulletins next Tuesday” [via].

For those who think that 34 holes is the correct number, think again. Microsoft is patching its software silently and unethically so as to fake numbers that its employees decrease by hiding some of the applied fixes. In other words, Microsoft is knowingly lying and giving fake numbers. Previously we wrote about how Microsoft also spurned researchers who had warned about security flaws in Windows [1, 2, 3]. Microsoft is trying to make up after the Microsoft-Spurned Researcher Collective had been created and “TippingPoint’s ZDI sets a 6-month deadline on vendors to encourage faster patching,” according to this report. There is more information about it here.

Microsoft’s problems are not over and all Windows users continue to be vulnerable to attacks (even after Patch Tuesday) because:

1. Unpatched kernel-level vuln affects all Windows versions

Researchers have identified a kernel-level vulnerability in Windows that allows attackers to gain escalated privileges and may also allow them to remotely execute malicious code. All versions of the Microsoft OS are affected, including the heavily fortified Windows 7.

2. Microsoft probes new Windows kernel bug

3. Unpatched Vulnerability in All Windows Versions Claimed

4. Kernel-level Vulnerabilities Hit All Windows Versions

Microsoft on Friday announced to have launched an investigation into kernel-level vulnerability hitting Windows. As per reports, all versions of the Microsoft OS have been engulfed by the bug, including the heavily fortified Windows 7.

We wrote about this in a previous post. Rather than security improving over time, Microsoft seems to be getting worse and the number of holes is increasing.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

3 Comments

  1. Andrew Macabe said,

    August 8, 2010 at 11:02 pm

    Gravatar

    …heavily fortified Windows 7. Topnews & the register are into humor now?

    twitter Reply:

    Windows 7/Vista are fortified against users for the sake of advertisers and Microsoft. In ordinary security, the user is the owner and everything else is a threat. In the Microsoft world, user control is the primary threat and all else is disregarded.

    Microsoft has benefitted from the insecurity of their software for as long as I can tell. The MSDOS 5.x install from 1993 flashes messages about new technology to keep data safe from crashes and users safe from viruses. Everytime Microsoft wants to sell a new version of Windows, stories about “computer viruses” suddenly show up in the Microsoft friendly press. After nearly a decade of useless, often malicious patch Tuesdays, most people are starting to understand that Windows will never be secured. Software that has owners does what the owners want not the user.

    Dr. Roy Schestowitz Reply:

    The issue is that upgrades are not free either (upgrade treadmill is the business mode), which means that many users are left less secure due to financial means. GNU/Linux does not have this problem, or very rarely has.

DecorWhat Else is New


  1. [Meme] Team UPC Congratulating Itself

    The barrage of fake news and misinformation about the UPC deliberately leaves out all the obvious and very important facts; even the EPO‘s António Campinos and Breton (Benoît Battistelli‘s buddy) participated in the lying



  2. Links 24/1/2022: pgBadger 11.7 Released, Catch-up With Patents

    Links for the day



  3. The Demonisation and Stereotyping of Coders Not Working for Big Corporations (or 'The System')

    The war on encrypted communication (or secure communications) carries on despite a lack of evidence that encryption stands in the way of crime investigations (most criminals use none of it)



  4. On the 'Peak Hacker' Series

    Hacker culture, unlike Ludditism, is ultimately a movement for justice, for equality, and for human rights through personal and collective emancipation; Dr. Farnell has done a good job explaining where we stand and his splendid series has come to a close



  5. Links 23/1/2022: First RC of Linux 5.17 and Sway 1.7 Released

    Links for the day



  6. Peak Code — Part III: After Code

    "Surveillance perimeters, smart TVs (Telescreens built to Orwell's original blueprint) watched over our living rooms. Mandatory smart everything kept us 'trustless'. Safe search, safe thoughts. We withdrew. Inside, we went quietly mad."



  7. IRC Proceedings: Saturday, January 22, 2022

    IRC logs for Saturday, January 22, 2022



  8. Links 23/1/2022: MongoDB 5.2, BuddyPress 10.0.0, and GNU Parallel 20220122

    Links for the day



  9. A Parade of Fake News About the UPC Does Not Change the General Consensus or the Simple Facts

    European Patents (EPs) from the EPO are granted in violation of the EPC; Courts are now targeted by António Campinos and the minions he associates with (mostly parasitic litigation firms and monopolists), for they want puppets for “judges” and for invalid patents to be magically rendered “valid” and “enforceable”



  10. Welcome to 2022: Intentional Lies Are 'Benefits' and 'Alternative Facts'

    A crooks-run EPO, together with the patent litigation cabal that we’ve dubbed ‘Team UPC’ (it has nothing to do with science or with innovation), is spreading tons of misinformation; the lies are designed to make the law-breaking seem OK, knowing that Benoît Battistelli and António Campinos are practically above the law, so perjury as well as gross violations of the EPC and constitutions won’t scare them (prosecution as deterrence just isn’t there, which is another inherent problem with the UPC)



  11. From Software Eating the World to the Pentagon Eating All the Software

    “Software is eating the world,” according to Marc Andreessen (co-founder of Netscape), but the Empire Strikes Back (not the movie, the actual empire) by hijacking all code by proxy, via Microsoft, just as it grabbed a lot of the world’s communications via Skype, bypassing the world's many national telecoms; coders need to fight back rather than participate in racist (imperial) shams such as GitHub



  12. Links 22/1/2022: Skrooge 2.27.0 and Ray-Tracing Stuff

    Links for the day



  13. IRC Proceedings: Friday, January 21, 2022

    IRC logs for Friday, January 21, 2022



  14. Peak Code — Part II: Lost Source

    "Debian and Mozilla played along. They were made “Yeoman Freeholders” in return for rewriting their charters to “work closely with the new Ministry in the interests of all stakeholders” – or some-such vacuous spout… because no one remembers… after that it started."



  15. Links 22/1/2022: Ubuntu MATE 21.10 for GPD Pocket 3, MINISFORUM Preloads GNU/Linux

    Links for the day



  16. Computer Users Should be Operators, But Instead They're Being Operated by Vendors and Governments

    Computers have been turned into hostile black boxes (unlike Blackbox) that distrust the person who purchased them; moreover, from a legislative point of view, encryption (i.e. computer security) is perceived and treated by governments like a threat instead of something imperative — a necessity for society’s empowerment (privacy is about control and people in positions of unjust power want total and complete control)



  17. Peak Code — Part I: Before the Wars

    Article/series by Dr. Andy Farnell: "in the period between 1960 and 2060 people had mistaken what they called "The Internet" for a communications system, when it had in fact been an Ideal and a Battleground all along - the site of the 100 years info-war."



  18. Links 21/1/2022: RISC-V Development Board and Rust 1.58.1

    Links for the day



  19. IRC Proceedings: Thursday, January 20, 2022

    IRC logs for Thursday, January 20, 2022



  20. Gemini Lets You Control the Presentation Layer to Suit Your Own Needs

    In Gemini (or the Web as seen through Gemini clients such as Kristall) the user comes first; it's not sites/capsules that tell the user how pages are presented/rendered, as they decide only on structural/semantic aspects



  21. The Future of Techrights

    Futures are difficult to predict, but our general vision for the years ahead revolves around more community involvement and less (none or decreased) reliance on third parties, especially monopolistic corporations, mostly because they oppress the population via the network and via electronic devices



  22. [Meme] UPC for CJEU

    When you do illegal things and knowingly break the law to get started with a “legal” system you know it’ll end up in tears… or the CJEU



  23. Links 20/1/2022: 'Pluton' Pushback and Red Hat Satellite 6.10.2

    Links for the day



  24. The Web is a Corporate Misinformation/Disinformation Platform, Biased Against Communities, Facts, and Science

    Misinformation/disinformation in so-called 'news' sites is a pandemic which spreads; in the process, the founder of GNU/Linux gets defamed and GNU/Linux itself is described as the problem, not the solution to the actual problems



  25. Links 20/1/2022: McKinsey Openwashing and Stable Kernels

    Links for the day



  26. IRC Proceedings: Wednesday, January 19, 2022

    IRC logs for Wednesday, January 19, 2022



  27. Links 20/1/2022: Linuxfx 11.1 WxDesktop 11.0.3 and FreeIPMI 1.6.9 Released

    Links for the day



  28. Links 19/1/2022: XWayland 22.1 RC1 and OnlyOffice 7.0 Release

    Links for the day



  29. Links 19/1/2022: ArchLabs 2022.01.18 and KDE's 15-Minute Bug Initiative

    Links for the day



  30. When Twitter Protects Abusers and Abuse (and Twitter's Sponsors)

    Twitter is an out-of-control censorship machine and it should be treated accordingly even by those who merely "read" or "follow" Twitter accounts; Twitter is a filter, not a news/media platform or even means of communication


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts