EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

11.29.14

The Latest Bug Door in Windows ‘Patched’, But the Patch Breaks Systems

Posted in Microsoft, Security, Windows at 9:10 am by Dr. Roy Schestowitz

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

AND THEN WE TOLD CHINA THEY CAN SEE WINDOWS CODE WHILE INVITING THE NSA TO THE FINAL BUILD PROCESS

Summary: Errors in Windows that facilitate remote access and privilege escalation (affecting every version of Windows) continue to surface and those who fix these errors risk bricking their systems/services

Having just made (generated rather, using an online tool) the above meme to make an important point (pardon the “Windows” typo), we wish to bring together some recent news about Microsoft Windows, probably the least secure operating system in the world (by design). The NSA is involved in finalising Windows development and knowing what many people finally know about the NSA, it oughtn’t be shocking that Windows uses weakened/flawed encryption, enables remote access, etc.

Earlier this month there was a lot of press coverage about a massive flaw and an “emergency” patch for Windows. The NSA, for a fact (based on Snowden’s leaks), already knew about this. It knew about before it was patched, as Microsoft tells the NSA about every flaw before patches are applied and flaws become common knowledge.

Stephen Withers, a booster of Microsoft from Australia, said that a “very old but only just fixed Windows vulnerability is the key to a new in-the-wild attack.

“Security vendor ESET says it has detected a real-life exploit for a vulnerability that’s been part of Windows for nearly two decades.”

So it’s not just exploitable by the NSA anymore.

Over at IDG, this flaw was said to have a botched ‘solution’. As the author put it: “Last Tuesday’s MS14-066 causes some servers to inexplicably hang, AWS or IIS to break, and Microsoft Access to roll over and play dead”

So patch or don’t patch, you are in a serious problem either way. Welcome to the “professional” and “enterprise-ready” world of Microsoft.

As Microsoft boosters put it, “Microsoft has announced that they will be pushing an out-of-band security patch today. The patch, which affects nearly all of the company’s major platforms, is rated ‘critical’ and it is recommended that you install the patch immediately.”

To brick one’s system?

Here is what British press wrote about it:

MICROSOFT HAS ISSUED an emergency patch for the Kerberos Bug that could allow an attacker to perform privilege escalation in several versions of Windows.

In what will be the firm’s third emergency patch in the past three months, the fix arrives just a week after the monthly Patch Tuesday release.

In other curious news from the same source, British taxpayers’ money has just been wasted cleaning up the mess of Microsoft Windows with its baked-in back doors. Windows is being hijacked en masse, but the corporate media refers to it as “PC”, not Windows. This is a crucial omission. The insecurity of Windows is not always accidental. It was designed to be easy to access (only by the “Good Guys”, of course!). “THE UK NATIONAL CRIME AGENCY (NCA) has arrested five people,” said the British press, “as part of a crackdown on hackers who hijack computers using Remote Access Trojans (RATs).” It’s a shame that they don’t point out that it’s a Windows-only problem. It doesn’t even take much in terms of skill to hijack Windows, as many hackers and crackers can attest to. To quote this report: “The NCA said on Friday that it has arrested two 33-year-old men and a 30-year-old woman from Leeds, along with a 20 year-old man from Chatham in Kent and a 40-year-old from Darlington in Yorkshire.”

This 20 year-old cracker is about as old as the latest bug door from Microsoft. With 19-year-old flaws in Windows (“critical” too) it oughtn’t be hard to hijack Windows-running PCs by the millions and even by the billions. As this article put it, the flaw is very severe and “Microsoft’s out-of-band update yesterday fixes a profoundly serious bug: Any user logged into the domain can elevate their own privilege to any other, up to and including Domain Administrator.”

Robert Pogson wrote that Microsoft “told the world they were naked and now system administrators are scurrying around to make sure every system running InActive Directory has a patch.”

As usual, no logos and brand names for this bug, not even the huge media hype that we saw when GNU Bash and OpenSSL had a bug in them. Perhaps the media learned to accept that Windows is Swiss cheese, or more likely it is unconsciously complicit in Microsoft’s PR.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. luvr said,

    November 29, 2014 at 11:34 am

    Gravatar

    Pity that I’m awfully lousy as an artist, or I would design a “Broken Windows” logo (as a variant of the well-known Windows logo), with the text “ADShock” added in.

What Else is New

  1. 2020: A Time for Resolutions or Revolutions?

    There are nonviolent means by which the current system can be corrected; we need to convince peers and relatives to change the way they behave and not cooperate with unjust elements of the system

  2. IRC Proceedings: Tuesday, June 02, 2020

    IRC logs for Tuesday, June 02, 2020

  3. The Gates Press (GatesGate) -- Part I: Lost the Job After Writing an Article Critical of Bill Gates for Attacking Some Actual, Legitimate Charities (Because They Had Spread GNU/Linux)

    The sociopaths from the fake 'charity' of Bill Gates would go to great lengths to squash criticism and also to eliminate critics; this series tells the story of some of those personally affected

  4. Don't Fall for the Spin, Microsoft is Laying Off Workers and It's Not Just Because of the Pandemic



  5. All They Want is Litigation, Not Innovation

    It's getting difficult to ignore or to overlook the fact that the 'litigation lobby' (the likes of Team UPC and today's EPO management, guided by groups like the Licensing Executives Society International) doesn't care about innovation and is in fact looking to profit by crushing innovation

  6. Reminder: Microsoft Profits From Crushing Protesters for Donald Trump

    Don't lose sight of the fact that what's going on in the United States right now is very profitable to Microsoft

  7. No, GNU/Linux Isn't at 3% and Windows Isn't at Over 90%, Either

    This ludicrous idea that "Linux" (however one defines it) enjoys just 3% of the "market" is false and it should be treated as laughable spin (it is being widely promoted this week, often by Microsoft boosters looking to make charts where Windows stays at above 90% and Vista 10 is 'gaining'... at the expense of Windows)

  8. Links 3/6/2020: Devuan Beowulf 3.0.0 and Tails 4.7 Released

    Links for the day

  9. Links 2/6/2020: New Firefox Release (77), Debian-based MX Linux 19.2, KDevelop 5.5.2, GNU/Linux Growth on Desktops/Laptops

    Links for the day

  10. Techrights Can Figure Out Source Protection/Anonymisation Whilst Operating Very Transparently

    We're still quite radically transparent whilst at the same time enjoying 100% source protection record; we're also improving the software we use to publish more quickly and efficiently

  11. IRC Proceedings: Monday, June 01, 2020

    IRC logs for Monday, June 01, 2020

  12. This is How GNU Finally Dies

    "Brace for when GNU falls the way that OSI, FSF, FSFE, Mozilla, and the Linux Foundation did."

  13. Latest Microsoft Layoffs Spun as 'Innovation' (There's Always a Positive PR Angle)

    The public is expected to simply ignore the fact that Microsoft is laying off employees (again); instead we're expected to think it's all about Microsoft being very brilliant and innovative

  14. Microsoft Playing the Victim, Irrationally 'Hated' by Victims of Its Abuse

    We're meant to believe that those whom Microsoft bribes against are the opinionated 'haters' and Microsoft is a victim of 'hate'

  15. Links 1/6/2020: Linux 5.7, FOSSlife Born, LibreOffice 7.0 Beta1, Linux Mint 20 Making Early Promises

    Links for the day

  16. Linux Without Linus

    The Linux Foundation seems to be acting like Linus (Linux founder) is somewhat of a liability (forcing him to take a ‘break’ from his own project) while taking even the most notorious proposals from corporations, including those that called Linux a “cancer”

  17. What It Would Take for Linus Torvalds to Leave Linux Foundation Without the Linux Trademark and Without Linux

    It's nice to think that the founder of Linux can just take his project and walk away, moving elsewhere, i.e. away from the Microsoft-employed executives who now "boss" him; but it's not that simple anymore

  18. The Past Does Not Go Away, Except From Short-Term Memories

    People who are drunk on power and money (sometimes not even their own money) like to portray themselves as the very opposite of what they are; but in the age of the Internet it's difficult to make the general public simply forget the past and "move on..."

  19. IRC Proceedings: Sunday, May 31, 2020

    IRC logs for Sunday, May 31, 2020

  20. Links 1/6/2020: OpenMandriva Lx 4.1 2020.05, Linux Lite 5.0 Release, FreeBSD 11.4 RC2

    Links for the day

  21. It's a Common Mistake and Common Misconception/Error to Treat Microsoft as Just Another 'Large Company' (or 'Big Tech')

    What's wrong about Microsoft isn't its size; what's wrong with Microsoft is its behaviour, which isn't just illegal (crimes are the norm) but also hugely unethical

  22. Lessons of Michael Arrington (About Microsoft)

    Microsoft and Bill Gates have a long history bullying their critics; the quote above (or below) shows how even people who advertise with Microsoft are becoming the target of abuse

  23. 'Best' of Both Worlds: GNU/Linux Freedom + Malware With Keyloggers and DRM

    Running a Microsoft-controlled GNU/Linux instance under Vista 10 ("Windows Subsystem for Linux") in the age of virtual machines, dual boot and containers makes as much sense as chopping some carrots to go with the veal meal to appease vegetarian diners

  24. First They Bribe the Employer, Media Lynch Mobs May Follow

    The 'cancel culture' lynch mobs, which leverage social causes (or marginalised groups), remain a convenient means by which to oust one's political/business opposition; but money too is a massive contributing factor and the more one has of it, the easier it is to control media narrative and subversive focus

  25. Upcoming Series Teaser: The Bribery Operation of William Henry Gates III

    Bribery goes a very long way when it comes to the megalomaniac who pays the media to portray him as the world's most generous person

  26. Windows Ransomware Must Not be Unspeakable When People Die in Large Numbers Due to That (and Windows Has Intentional Back Doors)

    Loss of electronic patient records, ransom and downtime among the severe consequences of deploying Microsoft inside hospitals; yet the media rarely names the real culprit (manslaughter charges theoretically possible) and nobody gets punished except those who offer real solutions

  27. IRC Proceedings: Saturday, May 30, 2020

    IRC logs for Saturday, May 30, 2020

  28. Burning the House That Richard Stallman (RMS) Built: An Open Letter to GNU Maintainers Who Opposed RMS

    An open letter to people who petitioned RMS to step down and who outsource GNU projects to Microsoft (GitHub)

  29. Links 30/5/2020: Godot Editor Under Web Browsers, Alpine Linux 3.12.0 and EasyOS 2.3

    Links for the day

  30. EPO's Illegal Patents and Massive Corruption Go Unnoticed by Corporate Media and Sites That Cover Patent News

    Very major corruption scandals still emerge in Europe's second-largest institution and illegal patents get granted as well as promoted; somehow, perhaps miraculously, this no longer seems to bother anybody in the media (corruption and radical policies have been gradually 'normalised')

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts