
08.08.10

Microsoft Security Worse Than Ever, All Windows Users Still Vulnerable

Posted in Microsoft, Security, Windows at 6:13 pm by Dr. Roy Schestowitz

Summary: Code red for Microsoft as just days after an “emergency” patch comes the largest-ever patchset and all versions of Windows still seem to be left open for attackers

LAST WEEK was an emergency week for Windows users [1, 2, 3], all of whom were left vulnerable to hijacking due to Microsoft’s incompetence. Here is just one more article about it:

An emergency Windows software update will close a loophole in Microsoft’s operating system that makes it easy for hackers to take control of a computer using shortcuts

Have things truly improved after this emergency patch? Don’t bet on it. Microsoft is breaking new records in this Tuesday’s security update, which is said to plug 34 holes:

Microsoft will issue 14 security bulletins on Tuesday to plug 34 holes, including eight that are critical, in Windows, Office, Internet Explorer, SQL and Silverlight, the company said on Thursday.

There is a lot more coverage about this [1, 2, 3, 4, 5, 6, 7, 8, 9] as “Microsoft [is] to issue record number of security bulletins next Tuesday” [via].

For those who think that 34 holes is the correct number, think again. Microsoft patches its software silently and unethically, and its employees lower the published numbers by hiding some of the applied fixes. In other words, Microsoft is knowingly lying and giving fake numbers. Previously we wrote about how Microsoft also spurned researchers who had warned about security flaws in Windows [1, 2, 3]. Microsoft is trying to make up after the Microsoft-Spurned Researcher Collective had been created and “TippingPoint’s ZDI sets a 6-month deadline on vendors to encourage faster patching,” according to this report. There is more information about it here.

Microsoft’s problems are not over and all Windows users continue to be vulnerable to attacks (even after Patch Tuesday) because:

1. Unpatched kernel-level vuln affects all Windows versions

Researchers have identified a kernel-level vulnerability in Windows that allows attackers to gain escalated privileges and may also allow them to remotely execute malicious code. All versions of the Microsoft OS are affected, including the heavily fortified Windows 7.

2. Microsoft probes new Windows kernel bug

3. Unpatched Vulnerability in All Windows Versions Claimed

4. Kernel-level Vulnerabilities Hit All Windows Versions

Microsoft on Friday announced to have launched an investigation into kernel-level vulnerability hitting Windows. As per reports, all versions of the Microsoft OS have been engulfed by the bug, including the heavily fortified Windows 7.

We wrote about this in a previous post. Rather than security improving over time, Microsoft seems to be getting worse and the number of holes is increasing.

3 Comments

  1. Andrew Macabe said,

    August 8, 2010 at 11:02 pm

    …heavily fortified Windows 7. Topnews & the register are into humor now?

    twitter Reply:

    Windows 7/Vista are fortified against users for the sake of advertisers and Microsoft. In ordinary security, the user is the owner and everything else is a threat. In the Microsoft world, user control is the primary threat and all else is disregarded.

    Microsoft has benefitted from the insecurity of their software for as long as I can tell. The MSDOS 5.x install from 1993 flashes messages about new technology to keep data safe from crashes and users safe from viruses. Every time Microsoft wants to sell a new version of Windows, stories about “computer viruses” suddenly show up in the Microsoft-friendly press. After nearly a decade of useless, often malicious patch Tuesdays, most people are starting to understand that Windows will never be secured. Software that has owners does what the owners want, not the user.

    Dr. Roy Schestowitz Reply:

    The issue is that upgrades are not free either (upgrade treadmill is the business mode), which means that many users are left less secure due to financial means. GNU/Linux does not have this problem, or very rarely has.
