11.13.14

Gemini version available ♊︎

Windows ‘Update’ and NSA Back Doors, Including a 19-Year Bug Door in Microsoft Windows

Posted in Microsoft, Security, Windows at 12:22 pm by Dr. Roy Schestowitz

Summary: The back doors-enabled Microsoft Windows is being revealed and portrayed as the Swiss cheese that it really is after massive holes are discovered (mostly to be buried by a .NET propaganda blitz)

Windows ‘Update’, which essentially translates into Microsoft manipulating binaries on people’s machines without any changelog (at least not in source code form), is making the news again this month. Windows ‘Update’ is happening quite often (a monthly recurrence), but this time there is a lot to say about it.

The British NHS, which holds full medical records of very many individuals, recently received a lot of flack for sticking with an unsupported operating system that was released when I was a teenager instead of upgrading to recently-built Free software like GNU/Linux. Guess what happened to the NHS? “NHS XP patch scratch leaves patient records wide open to HACKERS” says the British press, meaning that not only the NSA gets access to NHS data:

Thousands of patient records could be left exposed to hackers, as up to 20 NHS trusts have failed to put an agreement in place with Microsoft to extend security support for Windows XP via a patch, The Register can reveal.

Another story of a botched update of Windows says that “Crypto attack that hijacked Windows Update goes mainstream in Amazon Cloud”:

Underscoring just how broken the widely used MD5 hashing algorithm is, a software engineer racked up just 65 cents in computing fees to replicate the type of attack a powerful nation-state used in 2012 to hijack Microsoft’s Windows Update mechanism.

That’s what one gets when using weak ciphers that the NSA promotes and Microsoft willingly spreads. Windows Update is a dangerous tool for many reasons not just because it is bricking Linux devices these days but because it’s a tool that gives the NSA a lot of power. Before an update kicks in the NSA is given information that allows it to take full control of PCs with Windows, remotely even (this is done every month). This may sound benign until one learns about Stuxnet (weaponised malware of the NSA) and considers this latest Patch Tuesday:

Microsoft is issuing the largest number of monthly security advisories since June 2011, five of them critical and affecting all supported versions of Windows. And applying the patches will be time consuming, experts say.

“Next week will tell us how many CVEs are involved but suffice to say, this patch load will be a big impact to the enterprise,” says Russ Ernst, the director of product management for Lumension.

CBS, being not just a proponent of espionage, mass surveillance, assassination and violent wars but also a proponent of back doors, had its site ZDNet downplay the above. “So far in calendar year 2014,” it said, “Microsoft has fixed 215 vulnerabilities in Internet Explorer” (lots of potential NSA back doors). Then come some lame excuses and damage control from Microsoft in the update, trying to make its bad record look like a positive, neglecting that fact that Microsoft has been secretly patching holes to yield fake numbers and give a false sense of security. Here is the full summary:

So far in calendar year 2014, Microsoft has fixed 215 vulnerabilities in Internet Explorer, with more coming out today. There have been security updates to Internet Explorer every month this year except for January.

This other report, titled “Potentially catastrophic bug bites all versions of Windows. Patch now”, does not entertain the possibility of back/bug doors in Microsoft Windows being exploited, despite that fact that Microsoft already told the NSA (prodifing exploit knowledge), which undoubtedly engages in illegal intrusions/cracking. A report from IDG notes that this bug is nearly two decades old and add that only “[w]ith help from IBM, Microsoft has patched a critical Windows vulnerability that flew under the radar for nearly two decades. ”

“How many times might this flaw have been exploited by now?”So IBM, despite having no access to source code (as far as we can tell), was perhaps the only reason why Microsoft addressed this issue two decades late, eh? How many times might this flaw have been exploited by now? A reader of us, alluding to that nonsense .NET PR, explains: “Perhaps a big reason for the PR teams trumpeting the open-core or freemium model?”

It sure serves as a good distraction. When Windows XP support (patches) came to an end a Microsoft-connected firm immediately (on the very same day) started throwing brands and logos in relation to an OpenSSL bug, stealing the show and spreading FUD for many months, generalising it so as to appear like a serious, inherent issue in FOSS.

Watch this critical remote code execution flaw in Windows. It is extremely serious, but there is no logo or brand for it (unlike FOSS FUD like “Heartbleed” or “Shellshock” — with a brand that was even perpetuated by the Russia-based Mandriva the other day).

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New


  1. Links 06/02/2023: Linux 6.2 RC7 and Fatal Earthquake

    Links for the day



  2. IRC Proceedings: Sunday, February 05, 2023

    IRC logs for Sunday, February 05, 2023



  3. Links 05/02/2023: Wayland in Bookworm and xvidtune 1.0.4

    Links for the day



  4. Links 05/02/2023: Pakistan Blocks Wikipedia, Musharraf Dies

    Links for the day



  5. IRC Proceedings: Saturday, February 04, 2023

    IRC logs for Saturday, February 04, 2023



  6. Links 04/02/2023: FOSDEM Happening and Ken Thompson in SoCal Linux Expo

    Links for the day



  7. 2023 is the Year Taxpayers' Money Goes to War and Energy Subsidies, Not Tech

    Now that a lot of powerful and omnipresent ‘tech’ (spying and policing) companies are rotting away we have golden opportunities to bring about positive change and maybe even recruit technical people for good causes



  8. Getting Back to Productive Computer Systems Would Benefit Public Health and Not Just Boost Productivity

    “Smartphoneshame” (shaming an unhealthy culture of obsession with “apps”) would potentially bring about a better, more sociable society with fewer mental health crises and higher productivity levels



  9. Links 04/02/2023: This Week in KDE and Many More Tech Layoffs

    Links for the day



  10. Dotcom Boom and Bust, Round 2

    The age of technology giants/monopolies devouring everything or military-funded (i.e. taxpayers-subsidised) surveillance/censorship tentacles, in effect privatised eyes of the state, may be ending; the United States can barely sustain that anymore and raising the debt ceiling won't solve that (buying time isn't the solution)



  11. Society Would Benefit From a Smartphoneshame Movement

    In a society plagued by blackmail, surveillance and frivolous lawsuits it is important to reconsider the notion of “smart” phone ownership; these devices give potentially authoritarian companies and governments far too much power over people (in the EU they want to introduce new legislation that would, in effect, ban Free software if it enables true privacy)



  12. IRC Proceedings: Friday, February 03, 2023

    IRC logs for Friday, February 03, 2023



  13. IRC Proceedings: Thursday, February 02, 2023

    IRC logs for Thursday, February 02, 2023



  14. Links 03/02/2023: Proton 7.0-6 Released, ScummVM 2.7 Testing

    Links for the day



  15. Links 03/02/2023: OpenSSH 9.2 and OBS Studio 29.0.1

    Links for the day



  16. Links 03/02/2023: GNU C Library 2.37

    Links for the day



  17. Sirius Finished

    Yesterday I was sent a letter approving my resignation from Sirius ‘Open Source’, two months after I had already announced that I was resigning with immediate effect; they sent an identical letter to my wife (this time, unlike before, they remembered to also change the names!!)



  18. The Collapse of Sirius in a Nutshell: How to Identify the Symptoms and Decide When to Leave

    Sirius is finished, but it's important to share the lessons learned with other people; there might be other "pretenders" out there and they need to be abandoned



  19. Links 03/02/2023: WINE 8.1 and RapidDisk 9.0.0

    Links for the day



  20. Links 02/02/2023: KDE Gear 22.12.2 and LibreOffice 7.5

    Links for the day



  21. Linux News or Marketing Platform?

    Ads everywhere: Phoronix puts them at the top, bottom, navigation bar, left, and right just to read some Microsoft junk (puff pieces about something that nobody other than Microsoft even uses); in addition there are pop-ups asking for consent to send visitors’ data to hundreds of data brokers



  22. Daily Links at Techrights Turn 15, Time to Give Them an Upgrade

    This year we have several 15-year anniversaries; one of them is Daily Links (it turned 15 earlier this week) and we've been working to improve these batches of links, making them a lot more extensive and somewhat better structured/clustered



  23. Back to Focusing on Unified Patent Court (UPC) Crimes and Illegal Patent Agenda, Including the EPO's

    The EPO's (European Patent Office, Europe's second-largest institution) violations of constitutions, laws and so on merit more coverage, seeing that what's left of the "media" not only fails to cover scandalous things but is actively cheering for criminals (in exchange for money)



  24. European Patent Office Staff Votes in Favour of Freedom of Association (97% of Voters in Support)

    The Central Staff Committee (CSC) at the EPO makes a strong case for António Campinos to stop breaking and law and actually start obeying court orders (he’s no better than Benoît Battistelli and he uses worse language already)



  25. Links 02/02/2023: Glibc 2.37 and Go 1.20

    Links for the day



  26. IRC Proceedings: Wednesday, February 01, 2023

    IRC logs for Wednesday, February 01, 2023



  27. Links 01/02/2023: Security Problems, Unrest, and More

    Links for the day



  28. Links 01/02/2023: Stables Kernels and Upcoming COSMIC From System76

    Links for the day



  29. IRC Proceedings: Tuesday, January 31, 2023

    IRC logs for Tuesday, January 31, 2023



  30. Links 31/01/2023: Catchup Again, Wayland in Xfce 4.20

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts