11.27.10

Gemini version available ♊︎

Windows Kernel Vulnerability for Thanksgiving, Insecurity Used for Surveillance Again

Posted in Microsoft, Security, Windows at 5:56 am by Dr. Roy Schestowitz

Oppression and proprietary software are a pair

Guard with machine gun

Summary: Another major security problem in Windows, new destinations for Stuxnet, and new excuses for tracking one’s Web trails

IT IS not uncommon for Microsoft to leave systems administrators rather restless over the holidays, most typically over Christmas. Users too are left paranoid. This holiday season (US in particular) was no exception as a new Windows kernel vulnerability bypasses UAC, says Slashdot, citing Sophos:

“A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users.”

From the original source rather than Slashdot‘s summary:

A new zero-day exploit in Microsoft Windows was disclosed today. The exploit allows an application to elevate privilege to “system,” and in Vista and Windows 7 also bypass User Account Control (UAC). The flaw was posted briefly on a programming education site and has since been removed.

According to another report, Stuxnet is still out there and now it is sold on the black market.

According to a report from Sky News, the Stuxnet worm has already been traded on the black market. The report does not clarify whether this refers to the source code or to binary samples. British security specialists now fear that terrorists could use the worm to attack critical infrastructure. The report quotes an IT security consultant to the UK government as claiming, “You could shut down power stations, you could shut down the transport network across the United Kingdom”.

We wrote about Stuxnet many times before and it is interesting because some say it was engineered in order to spy on or to sabotage nuclear facilities in so-called ‘rogue’ nations. See for example:

  1. Ralph Langner Says Windows Malware Possibly Designed to Derail Iran’s Nuclear Programme
  2. Windows Viruses Can be Politically Motivated Sometimes
  3. Who Needs Windows Back Doors When It’s So Insecure?
  4. Windows Insecurity Becomes a Political Issue
  5. Windows, Stuxnet, and Public Stoning
  6. Stuxnet Grows Beyond Siemens-Windows Infections
  7. Has BP Already Abandoned Windows?
  8. Reports: Apple to Charge for (Security) Updates
  9. Windows Viruses Can be Politically Motivated Sometimes
  10. New Flaw in Windows Facilitates More DDOS Attacks
  11. Siemens is Bad for Industry, Partly Due to Microsoft
  12. Microsoft Security Issues in The British Press, Vista and Vista 7 No Panacea
  13. Microsoft’s Negligence in Patching (Worst Amongst All Companies) to Blame for Stuxnet
  14. Microsoft Software: a Darwin Test for Incompetence
  15. Bad September for Microsoft Security, Symantec Buyout Rumours
  16. Microsoft Claims Credit for Failing in Security
  17. Many Windows Servers Being Abandoned; Minnesota Goes the Opposite Direction by Giving Microsoft Its Data
  18. Windows Users Still Under Attack From Stuxnet, Halo, and Zeus
  19. Security Propaganda From Microsoft: Villains Become Heroes
  20. Security Problems in iOS and Windows
  21. Eye on Security: BBC Propaganda, Rootkits, and Stuxnet in Iran’s Nuclear Facilities
  22. Eye on Security: ClamAV Says Windows is a Virus, Microsoft Compromises Mac OS X, and Stuxnet Runs Wild

A few days ago we mentioned MSBBC articles which clearly neglected to mention Windows in stories that were about Windows-exclusive problems.

“ANOTHER Windows only story from the #BBC not mentioning Windows,” wrote Gordon, “they send people to jail for not paying for this s**t,” he added” (the MSBBC is funded by British taxpayers).

Gordon is right because Windows malware is the central issue discussed in the article (although it avoids mentioning Microsoft or Windows). For example:

He was caught installing password-capturing software by computer staff examining network problems.

This is a form of surveillance by a criminal. But we previously explained how surveillance uses security as a pretext (sometimes targeted marketing is the preferred excuse) and this includes security problems in software. On that issue, Gordon shares another MSBBC article . It talks about “virus alert system” (not mentioning Windows of course) and Gordon says one “gotta love the ISPs who spy on their customers connections #TalkTalk… this excuse is “malware protection” [still Windows of course]“:

Talk Talk is launching trials of a controversial anti-malware system following intervention by the Information Commissioner (ICO).

The Virus Alert system keeps an eye on the websites customers visit to stop them accidentally going to places riddled with viruses.

More here in The Inquirer:

BROADBAND PROVIDER Talk Talk has announced it will continue rolling out a traffic monitoring system that it claims will protect its customers.

The opt-in Virus Alerts Service (VAS) was recently likened to the now banned traffic snuffling operation Phorm by the UK Information Commissioner’s Office. It claims to track URLs visited by Talk Talk customers and warn them if a website harbours malware.

The problem here is proprietary software and also this illusion of needing government help (with Phorm that’s harboured by it) to simply navigate through some Web pages.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New

  1. IRC Proceedings: Friday, November 26, 2021

    IRC logs for Friday, November 26, 2021

  2. 38+ Years of GNU and 19+ Years of FSF Associate Membership

    “On November 25, 2002,” Wikipedia notes, “the FSF launched the FSF Associate Membership program for individuals.” As the above video points out, it all started almost 40 years ago.

  3. Gemini as a Platform for Gamers

    Contrary to what people often assume (or are led to assume), even without client-side scripting Gemini can accomplish a great deal; early adopters, many of whom are technical, test the limits of the very minimalistic (by design and intention) specification

  4. Improved Workflows: Achievement Unlocked

    Today we've completed a bunch of small projects that can make us more efficient (e.g. more Daily Links per day, more articles); the above video was recorded many hours ago to accompany the outline below

  5. Links 26/11/2021: New Complaint About Microsoft Competition Crimes in Europe, EuroLinux 8.5, GhostBSD 21.11.24, and Kiwi TCMS 10.5 Released

    Links for the day

  6. Links 26/11/2021: F35 Elections, Whonix 16.0.3.7, OSMC's November Refresh With Kodi 19.3

    Links for the day

  7. IRC Proceedings: Thursday, November 25, 2021

    IRC logs for Thursday, November 25, 2021

  8. IRC Proceedings: Wednesday, November 24, 2021

    IRC logs for Wednesday, November 24, 2021

  9. Links 25/11/2021: PHP 8.1.0 Released and Linux 5.15.5

    Links for the day

  10. IBM as Master of Hypocrisy

    Free software projects and Free software developers have long been humiliated by corporations of Western misogynists, falsely claiming that the Free software community isn’t inclusive enough (these are shameless projection tactics; as a matter of public record, the exact opposite is true) and even the eradication of supposedly offensive language isn’t something IBM takes seriously

  11. Links 25/11/2021: LibreOffice 7.2.3 and Mesa 21.2.6 Released

    Links for the day

  12. [Meme] So Desperate That Edge Cannot Even Exceed 4% That They Block Rival Web Browsers

    Linux/Android/Free Software/GNU (they go by very many names/brands) may continue to grow to the point where Windows is as irrelevant as Blackberry; this means that Microsoft’s grip on the Web too has slipped — to the point where Microsoft frantically uses 'bailout' money to hijack LinkedIn, GitHub, etc. (it also rebrands almost everything as "Azure" or clown to fake a perception of growth)

  13. Windows Vista Service Pack 11 (Vista 11) Has Failed to Curb the Growth of GNU/Linux

    Windows market share continues to decrease in spite of billions of dollars spent bribing the media for fake hype, especially in light of a new Windows Service Pack (SP), Vista SP 11

  14. Links 25/11/2021: Proton 6.3-8 and Linux Mint Compared to Ubuntu

    Links for the day

  15. 3.5 Years Later the 'Master' of Fedora is Still Microsoft and IBM Cannot Be Bothered to Alter Git Branch Names (Refuting or Ignoring Its Very Own Directive About Supposedly Racially-Insensitive Terms)

    Today we demonstrate the hypocrisy of IBM; years after telling us that we should shun the term "master" and repeatedly insisting it had a racist connotation at least 65 Fedora repositories, still controlled by Microsoft, still use "master"

  16. Changing the Arrangement While News is a Bit Slow(er)

    I've made it easier for myself to keep abreast of things like IRC channels and networks (incidentally, a day ago Freenode reopened to anonymous logins) and I've improved monitoring of the Web sites, Gemini capsule etc. (this video is unplanned and improvised)

  17. Links 24/11/2021: Alpine Linux 3.15 and Endless OS 4.0 Released

    Links for the day

  18. [Meme] Jimmy Zemlin Loves Microsoft

    It’s funny, isn’t it? Lying for a living and sucking up to the liars pays off; you get to plunder actual Linux users while leaving Linux morally and financially bankrupt

  19. Links 24/11/2021: PHP Foundation and Flatpak Criticisms

    Links for the day

  20. IRC Proceedings: Tuesday, November 23, 2021

    IRC logs for Tuesday, November 23, 2021

  21. Links 24/11/2021: Rust Crisis and Team UPC Still Faking 'Progress'

    Links for the day

  22. Links 23/11/2021: New GNU Parallel and Memories of David H. Adler (Perl, Raku)

    Links for the day

  23. In Light of Fast-Accelerating Deterioration -- Sometimes Weaponisation -- Getting Off the World Wide Web (to the Extent Feasible) Makes You Saner and Less Susceptible to Manipulation, Lies

    Almost no sites are speaking about it (probably because they have no presence on the Internet except on the Web), but it's time to motivate more people to get off the Web, for their own good and for society's sake...

  24. Black Friday SPAM on the World Wide Web: A Reminder That the Web is a Dying Platform, Languishing Due to Marketing and Misinformation

    The junk that overruns the Web this 'Black Friday' week (consumerism 'on steroids') is a good reminder that the Web isn't healthy for the mind anymore; it's mostly spying on people, trying to compel them to buy particular things or vote a certain way

  25. Microsoft-Led Misinformation Campaign About Germany and Munich Reminds Us That Microsoft Hates and Actively Undermines GNU/Linux Adoption

    Regarding the latest moves to GNU/Linux in Germany we have 3 points to make

  26. Links 23/11/2021: Libreboot 20211122, Deepin Linux 20.3, Amazon Linux 2022, and Mabox Linux 21.11 Released

    Links for the day

  27. IRC Proceedings: Monday, November 22, 2021

    IRC logs for Monday, November 22, 2021

  28. Links 22/11/2021: EasyOS Dunfell 3.1.11, Microsoft 'Extends' Mesa for Windows

    Links for the day

  29. Microsoft's GitHub is Hugely Toxic and It Censors Critics of Corporations or People Sceptical of Those in Power

    Sociopaths have taken over GitHub and control over GitHub (by Microsoft) is being shamelessly misused, just as we’ve warned all along; GitHub is social control media/network for code, asserting control over projects and developers by means of censorship and other sanctions

  30. EPO Staff Engagement Survey Predates the Pandemic and Provides False Assumptions for EPO Policies or Policy-Setting

    The EPO ticks a box for "surveying the staff", but is it actually listening? Is that done often enough? It was last done almost 3 years ago...

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts