EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

11.13.14

Windows ‘Update’ and NSA Back Doors, Including a 19-Year Bug Door in Microsoft Windows

Posted in Microsoft, Security, Windows at 12:22 pm by Dr. Roy Schestowitz

Summary: The back doors-enabled Microsoft Windows is being revealed and portrayed as the Swiss cheese that it really is after massive holes are discovered (mostly to be buried by a .NET propaganda blitz)

Windows ‘Update’, which essentially translates into Microsoft manipulating binaries on people’s machines without any changelog (at least not in source code form), is making the news again this month. Windows ‘Update’ is happening quite often (a monthly recurrence), but this time there is a lot to say about it.

The British NHS, which holds full medical records of very many individuals, recently received a lot of flack for sticking with an unsupported operating system that was released when I was a teenager instead of upgrading to recently-built Free software like GNU/Linux. Guess what happened to the NHS? “NHS XP patch scratch leaves patient records wide open to HACKERS” says the British press, meaning that not only the NSA gets access to NHS data:

Thousands of patient records could be left exposed to hackers, as up to 20 NHS trusts have failed to put an agreement in place with Microsoft to extend security support for Windows XP via a patch, The Register can reveal.

Another story of a botched update of Windows says that “Crypto attack that hijacked Windows Update goes mainstream in Amazon Cloud”:

Underscoring just how broken the widely used MD5 hashing algorithm is, a software engineer racked up just 65 cents in computing fees to replicate the type of attack a powerful nation-state used in 2012 to hijack Microsoft’s Windows Update mechanism.

That’s what one gets when using weak ciphers that the NSA promotes and Microsoft willingly spreads. Windows Update is a dangerous tool for many reasons not just because it is bricking Linux devices these days but because it’s a tool that gives the NSA a lot of power. Before an update kicks in the NSA is given information that allows it to take full control of PCs with Windows, remotely even (this is done every month). This may sound benign until one learns about Stuxnet (weaponised malware of the NSA) and considers this latest Patch Tuesday:

Microsoft is issuing the largest number of monthly security advisories since June 2011, five of them critical and affecting all supported versions of Windows. And applying the patches will be time consuming, experts say.

“Next week will tell us how many CVEs are involved but suffice to say, this patch load will be a big impact to the enterprise,” says Russ Ernst, the director of product management for Lumension.

CBS, being not just a proponent of espionage, mass surveillance, assassination and violent wars but also a proponent of back doors, had its site ZDNet downplay the above. “So far in calendar year 2014,” it said, “Microsoft has fixed 215 vulnerabilities in Internet Explorer” (lots of potential NSA back doors). Then come some lame excuses and damage control from Microsoft in the update, trying to make its bad record look like a positive, neglecting that fact that Microsoft has been secretly patching holes to yield fake numbers and give a false sense of security. Here is the full summary:

So far in calendar year 2014, Microsoft has fixed 215 vulnerabilities in Internet Explorer, with more coming out today. There have been security updates to Internet Explorer every month this year except for January.

This other report, titled “Potentially catastrophic bug bites all versions of Windows. Patch now”, does not entertain the possibility of back/bug doors in Microsoft Windows being exploited, despite that fact that Microsoft already told the NSA (prodifing exploit knowledge), which undoubtedly engages in illegal intrusions/cracking. A report from IDG notes that this bug is nearly two decades old and add that only “[w]ith help from IBM, Microsoft has patched a critical Windows vulnerability that flew under the radar for nearly two decades. ”

“How many times might this flaw have been exploited by now?”So IBM, despite having no access to source code (as far as we can tell), was perhaps the only reason why Microsoft addressed this issue two decades late, eh? How many times might this flaw have been exploited by now? A reader of us, alluding to that nonsense .NET PR, explains: “Perhaps a big reason for the PR teams trumpeting the open-core or freemium model?”

It sure serves as a good distraction. When Windows XP support (patches) came to an end a Microsoft-connected firm immediately (on the very same day) started throwing brands and logos in relation to an OpenSSL bug, stealing the show and spreading FUD for many months, generalising it so as to appear like a serious, inherent issue in FOSS.

Watch this critical remote code execution flaw in Windows. It is extremely serious, but there is no logo or brand for it (unlike FOSS FUD like “Heartbleed” or “Shellshock” — with a brand that was even perpetuated by the Russia-based Mandriva the other day).

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 22/11/2019: Slimbook’s GNU/Linux Laptops, Kubernetes Hype

    Links for the day



  2. Techrights is Still a Team Effort

    Getting involved in what we do is not difficult and it is even encouraged



  3. Guest Post/Off-Topic: Koalas Caught in Australian Bushfire

    Australian volunteers and rescuers need help to rescue helpless animals facing danger



  4. Global Patent Warming

    The old term "Global Patent Warming" comes to mind when one assesses the neoliberal approach of today's EPO, where the sole goal is making piles of money by granting loads and loads of illegal European Patents



  5. IRC Proceedings: Thursday, November 21, 2019

    IRC logs for Thursday, November 21, 2019



  6. Teaser: “Enriching Exchanges”

    Ahead of the fourteenth part in the Breton series this old tweet seems increasingly relevant



  7. Web Site Which Exposed Microsoft Crimes is Gone From the Web, But Copies Still Exist

    Reputation laundering operations of Microsoft tell us that Microsoft is a 'new' and 'reformed' company; but Comes v Microsoft documents serve to show that little has changed



  8. Understanding Thierry Breton: Socialising With the Elite

    "Bernadette Chirac is not the only Presidential widow with whom Valerie has close connections."



  9. Justice Peter Huber Speaking to a Front Group of Team UPC May Compromise the Integrity of the FCC and Its Outcomes

    The public reaction, even from some legal professionals, isn't too positive, seeing how judges from BVerfG (FCC) speak to the mouthpieces of Team UPC (biased and in the pockets of the litigation 'industry')



  10. Injustice at Every Level Would Simply Doom the Entire Patent System

    Repeated failure to restore the Rule of Law and enforce accountability/oversight in Europe's patent system renders the entire system moot; it is a case of adherence to basic constitutional pillars



  11. Understanding Thierry Breton: Thierry and the $100 Billion Man

    Thierry Breton's connections to the tax avoidance ploy of his friend Bernard Arnault



  12. Links 21/11/2019: Mesa 19.3.0 RC4, Canonical SPS

    Links for the day



  13. Links 21/11/2019: Charmed OSM, Mesa 19.2.5, DXVK 1.4.5, Zorin OS 15 Lite

    Links for the day



  14. Understanding Thierry Breton: Atos Healthcare - “The Ugly Face of Business”

    "...2,380 people died after their claim for employment and support allowance (ESA) ended because a work capability assessment (WCA) found that they were found fit for work."



  15. IRC Proceedings: Wednesday, November 20, 2019

    IRC logs for Wednesday, November 20, 2019



  16. Microsoft Tim: Microsoft is Now Defending Linux

    The difference between fiction and reality



  17. Justice Peter Huber of the German Federal Constitutional Court (FCC) Calls 'Bullshit' a Rumour Nobody Really Spreads

    A sort of 'trial by media' (by Team UPC) compromises the integrity of the case (constitutional complaint) and can be interpreted as judges succumbing to lobbying/pressure from those who conspire to violate many constitutions across Europe for personal/financial gain



  18. Understanding Thierry Breton: What Thierry Did Next...

    "Whether by coincidence or not, when Atos announced in 2010 that it would acquire Siemens’ IT unit, it was the 32-year-old Macron at Rothschild who advised Breton on the deal."



  19. Links 20/11/2019: HONOR MagicBook With GNU/Linux, Coreboot 4.11, GNU Health Patchset 3.6.1

    Links for the day



  20. IRC Proceedings: Tuesday, November 19, 2019

    IRC logs for Tuesday, November 19, 2019



  21. EPO Geared Towards Financial Exploitation of Europe Instead of Serving Europe

    For the financial benefit of law firms and patent offices (they profit from processing loads of patents and lawsuits) Europe is being reverted back to Medieval Times when exercising invention and free thought (or free coding) was a luxury of the rich alone



  22. Microsoft and IBM Are the Patent Trolls, They Won't Protect Us From Trolls

    "Microsoft has no taste" and IBM has no taste, either; they're lying to our collective face together with OIN and the 'Linux' Foundation



  23. How Ralph Nader Put It

    Ralph Nader on money in politics



  24. ZDNet (CBS) Associates GNU/Linux Users With ISIS

    Response to "US student was allegedly building a custom Gentoo Linux distro for ISIS," just published by ZDNet and composed by their biggest troll, Catalin Cimpanu



  25. Understanding Thierry Breton: Noël Forgeard and His “Golden Parachute”

    The end of the first half of the Breton series; in this particular part we continue to cover the EADS scandal and the second half of this series will include the EPO connections (the vote in a plenary for Breton's nomination is due 27/11)



  26. Links 19/11/2019: Zswap's B-Tree Search Implementation, WordPress 5.2.4

    Links for the day



  27. We've Already Entered the Era When Patents Should be Presumed Invalid

    The abundance of low-quality patents may mean short-term profits for patent offices and law firms; but we know at whose expense they are profiting and the legitimacy of patent systems suffers as a result



  28. Jean-Luc Breton

    Breton a champion of obstruction and obfuscation



  29. Understanding Thierry Breton: Insider-Trading Scandal at EADS

    Although Breton was not directly implicated in the insider trading scandal itself he did come under fire in 2007 for the role he played in a side-show to the main story, namely the payment of a generous € 8.5m severance package to Noël Forgeard when the EADS co-CEO was compelled to resign in June 2006.



  30. Startpage is Not Denying Its Betrayal of Privacy, It is Just Being Evasive

    They can't call you a liar if you issue a non-denying 'denial'; the "Roll Safe Think About It" meme seems applicable here


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts