Bonum Certa Men Certa

Windows Kernel Vulnerability for Thanksgiving, Insecurity Used for Surveillance Again

Oppression and proprietary software are a pair

Guard with machine gun



Summary: Another major security problem in Windows, new destinations for Stuxnet, and new excuses for tracking one's Web trails

IT IS not uncommon for Microsoft to leave systems administrators rather restless over the holidays, most typically over Christmas. Users too are left paranoid. This holiday season (US in particular) was no exception as a new Windows kernel vulnerability bypasses UAC, says Slashdot, citing Sophos:



"A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users."


From the original source rather than Slashdot's summary:

A new zero-day exploit in Microsoft Windows was disclosed today. The exploit allows an application to elevate privilege to "system," and in Vista and Windows 7 also bypass User Account Control (UAC). The flaw was posted briefly on a programming education site and has since been removed.


According to another report, Stuxnet is still out there and now it is sold on the black market.

According to a report from Sky News, the Stuxnet worm has already been traded on the black market. The report does not clarify whether this refers to the source code or to binary samples. British security specialists now fear that terrorists could use the worm to attack critical infrastructure. The report quotes an IT security consultant to the UK government as claiming, "You could shut down power stations, you could shut down the transport network across the United Kingdom".


We wrote about Stuxnet many times before and it is interesting because some say it was engineered in order to spy on or to sabotage nuclear facilities in so-called 'rogue' nations. See for example:

  1. Ralph Langner Says Windows Malware Possibly Designed to Derail Iran's Nuclear Programme
  2. Windows Viruses Can be Politically Motivated Sometimes
  3. Who Needs Windows Back Doors When It's So Insecure?
  4. Windows Insecurity Becomes a Political Issue
  5. Windows, Stuxnet, and Public Stoning
  6. Stuxnet Grows Beyond Siemens-Windows Infections
  7. Has BP Already Abandoned Windows?
  8. Reports: Apple to Charge for (Security) Updates
  9. Windows Viruses Can be Politically Motivated Sometimes
  10. New Flaw in Windows Facilitates More DDOS Attacks
  11. Siemens is Bad for Industry, Partly Due to Microsoft
  12. Microsoft Security Issues in The British Press, Vista and Vista 7 No Panacea
  13. Microsoft's Negligence in Patching (Worst Amongst All Companies) to Blame for Stuxnet
  14. Microsoft Software: a Darwin Test for Incompetence
  15. Bad September for Microsoft Security, Symantec Buyout Rumours
  16. Microsoft Claims Credit for Failing in Security
  17. Many Windows Servers Being Abandoned; Minnesota Goes the Opposite Direction by Giving Microsoft Its Data
  18. Windows Users Still Under Attack From Stuxnet, Halo, and Zeus
  19. Security Propaganda From Microsoft: Villains Become Heroes
  20. Security Problems in iOS and Windows
  21. Eye on Security: BBC Propaganda, Rootkits, and Stuxnet in Iran's Nuclear Facilities
  22. Eye on Security: ClamAV Says Windows is a Virus, Microsoft Compromises Mac OS X, and Stuxnet Runs Wild


A few days ago we mentioned MSBBC articles which clearly neglected to mention Windows in stories that were about Windows-exclusive problems.

"ANOTHER Windows only story from the #BBC not mentioning Windows," wrote Gordon, "they send people to jail for not paying for this s**t," he added" (the MSBBC is funded by British taxpayers).

Gordon is right because Windows malware is the central issue discussed in the article (although it avoids mentioning Microsoft or Windows). For example:

He was caught installing password-capturing software by computer staff examining network problems.


This is a form of surveillance by a criminal. But we previously explained how surveillance uses security as a pretext (sometimes targeted marketing is the preferred excuse) and this includes security problems in software. On that issue, Gordon shares another MSBBC article . It talks about "virus alert system" (not mentioning Windows of course) and Gordon says one "gotta love the ISPs who spy on their customers connections #TalkTalk... this excuse is "malware protection" [still Windows of course]":

Talk Talk is launching trials of a controversial anti-malware system following intervention by the Information Commissioner (ICO).

The Virus Alert system keeps an eye on the websites customers visit to stop them accidentally going to places riddled with viruses.


More here in The Inquirer:

BROADBAND PROVIDER Talk Talk has announced it will continue rolling out a traffic monitoring system that it claims will protect its customers.

The opt-in Virus Alerts Service (VAS) was recently likened to the now banned traffic snuffling operation Phorm by the UK Information Commissioner's Office. It claims to track URLs visited by Talk Talk customers and warn them if a website harbours malware.


The problem here is proprietary software and also this illusion of needing government help (with Phorm that's harboured by it) to simply navigate through some Web pages.

Recent Techrights' Posts

More on "Lunduke is Actually Sending His Audience to Attack People"
"pepe the frogs"
Dalai Lama Succession as Evidence That Determined, Motivated People Can Reach Their Nineties
And we need to quit talking about their death all the time
Many Lawyers (for Microsoft) and 1,316 Pages to Pick on a Litigant in Person Who Exposed Serious Microsoft Abuses
Answers must be given
Layoffs and Shutdowns at IBM, Not Just Microsoft
Same as Microsoft
With Workers Back From a Holiday Weekend, Microsoft Layoffs Carry on, More Waves to Come
Now it's Monday and people are bad to work, even some journalists
You Need Not Wave a Rainbow Flag This Month to Basically Oppose Arseholes Looking to Disrupt and Divide the Community
Don't fall for it
What Miguel de Icaza and Microsoft Lunduke Have in Common
Similar aims, different methods
 
Links 08/07/2025: "Cyberattack Deals Blow to Russian Firmware" and "Cash Remains King"
Links for the day
FSF40 T-shirt message
by Alex Oliva
Gemini Links 08/07/2025: Creativity, Gotify with NUT Server, and Sudo Bugs
Links for the day
Links 08/07/2025: Sabotage of Networking Infrastructure, Microsoft XBox Game Pass Deemed “Unsustainable”
Links for the day
Gemini Links 08/07/2025: Ancillary Justice and Small Web July
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, July 07, 2025
IRC logs for Monday, July 07, 2025
The FSF's (Free Software Foundation, Inc.) 2025 Summer Fundraiser Already Past Halfway Line
This is where GNU/Linux actually started
Mozilla Had No Good Reason to Outsource Firefox Development to Microsoft
What does Mozilla plan to do when GitHub shuts down?
Mozilla Firefox Did Not Die, It Got Killed
To me it'll always look like Mozilla got killed by its sponsors, especially Google, which had a conflict of interest as a sponsor
Dan Neidle, Whom Brett Wilson LLP SLAPPed (on Behalf of Corrupt Rich Tax Evaders), Still Fighting the Good Fight
Neidle fights for the poor people
Wayland Should Start by Dumping Its Very Ugly Logo
Wayland wins the "ugliest logo" award every year
Stop Focusing on Hair Colours, Focus on Corporate Agenda
If someone commits a crime, it does not matter if his or her hair was mostly white or there was no hair or a wig or whatever
Links 07/07/2025: Science, Conflicts, and a Fictional K-pop Group
Links for the day
Gemini Links 07/07/2025: Being a Luddite and Announcement of Gotify
Links for the day
Links 07/07/2025: XBox Effectively 'Dead', DMCA Subpoena Versus Registrar
Links for the day
The 'Corporate Neckbeard' is Not the "Good Guy"
Works for IBM
The Nasty Smear (and Stereotype) of "Neckbeard" or "Greybeard" is Ageism
This is the sort of stuff they might try to volley at critics of Wayland
Why Many of Us Use X Server and Will Continue to Use It For Many Years to Come
Don't make this about politics
Microsoft's Nat Friedman Became Unemployed the Same Time the SLAPPs Against Techrights Started Coming From His Friends (Weeks After We Had Exposed Scandals About Him and the Serial Strangler, His Best Friend, Who Got Arrested a Few Days Later)
Nat Friedman is not "Investor, entrepreneur"
Brett Wilson LLP Uses Threats to Demand Changes to Pages or Removal of Pages Without Even Revealing Which Staff Member Does That (Sometimes People From Another Firm!)
This has been in the public for years
Dan Neidle Said "It Really Then Became a Job of Tormenting" Lawyers Like Brett Wilson LLP (Who Threatened Him for Exposing Crimes, Just Like They Threatened My Wife a Few Months Later)
he and his wife decided to take on the evil people and their evil lawyers
Large Language Models (LLMs) Externalise Their Cost to the Free Software Foundation (FSF)
"The forty-sixth Free Software Bulletin is now available online!"
Weeding Out Extremism in Our Community
To me it seems like Microsoft Lunduke is rapidly becoming like a "hate preacher" who operates online, breeding an extremist ideology or trying to soften its image
Censorship Versus Fact-Checking and Quality Control
It's not censorship but a matter of quality control
Reinforcing the Allegations Some More, Bryan Lunduke Digs His Own Grave
In his latest episodes he merely repeats his own lies, which I debunked using evidence right from his own mouth
Global Warming and Free Software as a Force of Mitigation
we'll need to think about Software Freedom, not just brands like "Linux"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, July 06, 2025
IRC logs for Sunday, July 06, 2025
Gemini Links 07/07/2025: BaseLibre Numerical System and TUI Rant
Links for the day
[Video] "Copyleft Isn't a Bug."
"Copyleft isn’t a bug. It’s a feature. GNU GPL forced the world to treat code like a public good."
Being in Social Control Media Means Exposing Oneself to Heckling
Richard Stallman does not (either himself or directly) post to any social control media
Links 06/07/2025: Airlines Perils, Scams, and Breaches
Links for the day
Two Risks to Companies: The Microsoft Culture and the Microsoft Tools
Novell was killed by a form of "social engineering" by Microsoft
It's Hard to Trust People Who Worked - Not Only Those Who Still Work - at Microsoft
Bryan Lunduke is just what people would call an "arsehole of a person"
For the Second Time, Bryan Lunduke From Microsoft is Siccing Racist Trolls and Vandals at Me
You're only reinforcing the point we made yesterday
Links 06/07/2025: End to End Encryption at Risk, Reuters Twitter ("X") Account Withheld in India
Links for the day
Gemini Links 06/07/2025: Tinylog and Certification Rotation
Links for the day
Links 06/07/2025: Climate Change and "The Right to Criticise"
Links for the day
PCLinuxOS Sites Coming Back, Gradually
let's just be patient
Social Control Media, Even If Based on Free Software, Still Has Many Problems
a distraction from what actually mattered and still matters
IBM is Not Your Master
IBM makes friends with people who exclude the majority of the population: women
Help Fund the Free Software Foundation (FSF)
If you have some dollars to spare, go support the FSF
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, July 05, 2025
IRC logs for Saturday, July 05, 2025
A Short History of Attacks on Techrights (and Boycott Novell Before That)
good opportunity to tell again the story of several (not all) attempts to silence us
The Mainstream Media Took 4 Days to Realise Microsoft Shut Down Its Operations in Pakistan and Fired Everybody
We estimate that Microsoft has had about 29,000 layoffs since January
Leadership in Free Software
Don't let IBM lead. It's a terrible flag bearer.