11.13.14

Gemini version available ♊︎

Windows ‘Update’ and NSA Back Doors, Including a 19-Year Bug Door in Microsoft Windows

Posted in Microsoft, Security, Windows at 12:22 pm by Dr. Roy Schestowitz

Summary: The back doors-enabled Microsoft Windows is being revealed and portrayed as the Swiss cheese that it really is after massive holes are discovered (mostly to be buried by a .NET propaganda blitz)

Windows ‘Update’, which essentially translates into Microsoft manipulating binaries on people’s machines without any changelog (at least not in source code form), is making the news again this month. Windows ‘Update’ is happening quite often (a monthly recurrence), but this time there is a lot to say about it.

The British NHS, which holds full medical records of very many individuals, recently received a lot of flack for sticking with an unsupported operating system that was released when I was a teenager instead of upgrading to recently-built Free software like GNU/Linux. Guess what happened to the NHS? “NHS XP patch scratch leaves patient records wide open to HACKERS” says the British press, meaning that not only the NSA gets access to NHS data:

Thousands of patient records could be left exposed to hackers, as up to 20 NHS trusts have failed to put an agreement in place with Microsoft to extend security support for Windows XP via a patch, The Register can reveal.

Another story of a botched update of Windows says that “Crypto attack that hijacked Windows Update goes mainstream in Amazon Cloud”:

Underscoring just how broken the widely used MD5 hashing algorithm is, a software engineer racked up just 65 cents in computing fees to replicate the type of attack a powerful nation-state used in 2012 to hijack Microsoft’s Windows Update mechanism.

That’s what one gets when using weak ciphers that the NSA promotes and Microsoft willingly spreads. Windows Update is a dangerous tool for many reasons not just because it is bricking Linux devices these days but because it’s a tool that gives the NSA a lot of power. Before an update kicks in the NSA is given information that allows it to take full control of PCs with Windows, remotely even (this is done every month). This may sound benign until one learns about Stuxnet (weaponised malware of the NSA) and considers this latest Patch Tuesday:

Microsoft is issuing the largest number of monthly security advisories since June 2011, five of them critical and affecting all supported versions of Windows. And applying the patches will be time consuming, experts say.

“Next week will tell us how many CVEs are involved but suffice to say, this patch load will be a big impact to the enterprise,” says Russ Ernst, the director of product management for Lumension.

CBS, being not just a proponent of espionage, mass surveillance, assassination and violent wars but also a proponent of back doors, had its site ZDNet downplay the above. “So far in calendar year 2014,” it said, “Microsoft has fixed 215 vulnerabilities in Internet Explorer” (lots of potential NSA back doors). Then come some lame excuses and damage control from Microsoft in the update, trying to make its bad record look like a positive, neglecting that fact that Microsoft has been secretly patching holes to yield fake numbers and give a false sense of security. Here is the full summary:

So far in calendar year 2014, Microsoft has fixed 215 vulnerabilities in Internet Explorer, with more coming out today. There have been security updates to Internet Explorer every month this year except for January.

This other report, titled “Potentially catastrophic bug bites all versions of Windows. Patch now”, does not entertain the possibility of back/bug doors in Microsoft Windows being exploited, despite that fact that Microsoft already told the NSA (prodifing exploit knowledge), which undoubtedly engages in illegal intrusions/cracking. A report from IDG notes that this bug is nearly two decades old and add that only “[w]ith help from IBM, Microsoft has patched a critical Windows vulnerability that flew under the radar for nearly two decades. ”

“How many times might this flaw have been exploited by now?”So IBM, despite having no access to source code (as far as we can tell), was perhaps the only reason why Microsoft addressed this issue two decades late, eh? How many times might this flaw have been exploited by now? A reader of us, alluding to that nonsense .NET PR, explains: “Perhaps a big reason for the PR teams trumpeting the open-core or freemium model?”

It sure serves as a good distraction. When Windows XP support (patches) came to an end a Microsoft-connected firm immediately (on the very same day) started throwing brands and logos in relation to an OpenSSL bug, stealing the show and spreading FUD for many months, generalising it so as to appear like a serious, inherent issue in FOSS.

Watch this critical remote code execution flaw in Windows. It is extremely serious, but there is no logo or brand for it (unlike FOSS FUD like “Heartbleed” or “Shellshock” — with a brand that was even perpetuated by the Russia-based Mandriva the other day).

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New


  1. EPO Dislikes Science and Scientists

    The EPO's management has become like a corrupt political party with blind faith in money and monopolies (or monopoly money); it has lost sight of its original goals and at this moment it serves to exacerbate an awful pandemic, as the video above explains



  2. Links 1/12/2021: LibreOffice 7.3 Beta, Krita 5.0, Julia 1.7

    Links for the day



  3. Links 1/12/2021: NixOS 21.11 Released

    Links for the day



  4. IRC Proceedings: Tuesday, November 30, 2021

    IRC logs for Tuesday, November 30, 2021



  5. Links 1/12/2021: Tux Paint 0.9.27 and WordPress 5.9 Beta

    Links for the day



  6. [Meme] EPO Administrative Council Believing EPO-Bribed 'Media' (IAM Still Shilling and Lying for Cash)

    IAM continues to do what brings money from EPO management and Team UPC, never mind if it is being disputed by the patent examiners themselves



  7. The EPO's Mythical “Gap” Has Been Found and It's Bonuses for People Who Use Pure Fiction to Steal From Patent Examiners

    The phony president who has the audacity to claim there's a budget gap is issuing millions of euros for his enablers to enjoy; weeks ahead of the next meeting of national delegates the Central Staff Committee (CSC) tells them: "Events show that the delegations’ concerns about functional allowances have materialised. The lack of transparency and inflation of the budget envelope gives rise to the suspicion that high management is pursuing a policy of self-service at the expense of EPO staff, which is difficult to reconcile with the Office’s claimed cost-saving policy, and to the detriment of the whole Organisation."



  8. Video: Making the Internet a Better Place for People, Not Megacorporations

    Following that earlier list of suggested improvements for a freedom-respecting Internet, here's a video and outline



  9. Links 30/11/2021: KDE Plasma 5.23.4, 4MLinux 38.0, Long GitHub Downtime, and Microsoft's CEO Selling Away Shares

    Links for the day



  10. A Concise Manifesto For Freedom-Respecting Internet

    An informal list of considerations to make when reshaping the Internet to better serve people, not a few corporations that are mostly military contractors subsidised by the American taxpayers



  11. Freenode.net Becomes a 'Reddit Clone' and Freenode IRC is Back to Old Configurations After Flushing Down Decades' Worth of User/Channel Data and Locking/Shutting Out Longtime Users

    Freenode is having another go; after “chits” and “jobs” (among many other ideas) have clearly failed, and following the change of daemon (resulting in massive loss of data and even security issues associated with impersonation) as well as pointless rebrand as “Joseon”, the domain Freenode.net becomes something completely different and the IRC network reopens to all



  12. Jack Dorsey's Decision is a Wake-up Call: Social Control Media is Just a Toxic Bubble

    The state of the World Wide Web (reliability, preservation, accessibility, compatibility etc.) was worsened a lot more than a decade ago; with social control media that’s nowadays just a pile of JavaScript programs we’re basically seeing the Web gradually turning into another Adobe Flash (but this time they tell us it’s a “standard”), exacerbating an already-oversized ‘bubble economy’ where companies operate at a loss while claiming to be worth hundreds of billions (USD) and generally serve imperialistic objectives by means of manipulation like surveillance, selective curation, and censorship



  13. IRC Proceedings: Monday, November 29, 2021

    IRC logs for Monday, November 29, 2021



  14. Links 29/11/2021: NuTyX 21.10.5 and CrossOver 21.1.0

    Links for the day



  15. This Apt Has Super Dumbass Powers. Linus Sebastian and Pop_OS!

    Guest post by Ryan, reprinted with permission



  16. [Meme] Trying to Appease Provocateurs and Borderline Trolls

    GNU/Linux isn’t just a clone of Microsoft Windows and it oughtn’t be a clone of Microsoft Windows, either; some people set themselves up for failure, maybe by intention



  17. Centralised Git Hosting Has a Business Model Which is Hostile Towards Developers' Interests (in Microsoft's Case, It's an Attack on Reciprocal Licensing and Persistent Manipulation)

    Spying, censoring, and abusing projects/developers/users are among the perks Microsoft found in GitHub; the E.E.E.-styled takeover is being misused for perception manipulation and even racism, so projects really need to take control of their hosting (outsourcing is risky and very expensive in the long run)



  18. Links 29/11/2021: FWUPD's 'Best Known Configuration' and Glimpse at OpenZFS 3.0

    Links for the day



  19. President Biden Wants to Put Microsofter in Charge of the Patent Office, Soon to Penalise Patent Applicants Who Don't Use Microsoft's Proprietary Formats

    The tradition of GAFAM or GIAFAM inside the USPTO carries on (e.g. Kappos and Lee; Kappos lobbies for Microsoft and IBM, whereas Lee now works for Amazon/Bezos after a career at Google); it's hard to believe anymore that the USPTO exists to serve innovators rather than aggressive monopolists, shielding their territory by patent threats (lawsuits or worse aggression) and cross-licensing that's akin to a cartel



  20. Microsoft GitHub Exposé — Part VIII — Mr. Graveley's Long Career Serving Microsoft's Agenda (Before Hiring by Microsoft to Work on GitHub's GPL Violations Machine)

    Balabhadra (Alex) Graveley was promoting .NET (or Mono) since his young days; his current job at Microsoft is consistent with past harms to GNU/Linux, basically pushing undesirable (except to Microsoft) things to GNU/Linux users; Tomboy used to be the main reason for distro ISOs to include Mono



  21. Dr. Andy Farnell on Teaching Cybersecurity in an Age of 'Fake Security'

    By Dr. Andy Farnell



  22. IRC Proceedings: Sunday, November 28, 2021

    IRC logs for Sunday, November 28, 2021



  23. Links 29/11/2021: Linux 5.16 RC3 and Lots of Patent Catch-up

    Links for the day



  24. By 2022 0% of 'News' Coverage About Patents Will Be Actual Journalism (Patent Litigation Sector Has Hijacked the World Wide Web to Disseminate Self-Promotional Misinformation)

    Finding news about the EPO is almost impossible because today’s so-called ‘news’ sites are in the pockets of Benoît Battistelli, António Campinos, and their cohorts who turned the EPO into a hub of litigation, not science; this is part of an international (worldwide) problem because financial resources for journalism have run out, and so the vacuum is filled/replaced almost entirely by Public Relations (PR) and marketing



  25. Trying to Appease Those Who Never Liked Free Software or Those Who Blindly Loved All Patent Monopolies to Begin With

    It’s crystal clear that trying to appease everyone, all the time, is impossible; in the case of the EPO, for example, we hope that exposing Team Battistelli/Campinos helps raise awareness of the harms of patent maximalism, and when speaking about Free software — whilst occasionally bashing the alternatives (proprietary) — we hope to convince more people to join the “Good Fight”



  26. Links 28/11/2021: Laravel 8.73 Released, GitHub Offline for Hours

    Links for the day



  27. IRC Proceedings: Saturday, November 27, 2021

    IRC logs for Saturday, November 27, 2021



  28. Links 27/11/2021: Nvidia’s DLSS Hype and Why GNU/Linux Matters

    Links for the day



  29. [Meme] Linus Gabriel Sebastian Takes GNU/Linux for a (Tail)'Spin'

    If you’re trying to prove that GNU/Linux is NOT Windows, then “haha! Well done…”



  30. GNU/Linux is for Freedom and It'll Gain Many Users When (or Where) People Understand What Software (or Computing) Freedom Means

    Software that respects people's freedom (and by extension privacy as well) is an alluring proposition; those who choose to try GNU/Linux for the wrong reasons are likely the wrong target audience for advocates


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts