02.11.15

Gemini version available ♊︎

Microsoft Back Door in Windows (All Versions) Intentionally Left Open For Over a Year, Existed for 15 Years

Posted in Microsoft, Security, Servers at 9:38 am by Dr. Roy Schestowitz

Summary: It has become more obvious that Windows back doors are there by design (or knowingly left there by intention) even after Snowden’s NSA leaks

THERE ARE SOME corporate media reports about Microsoft patches, but few realise the significance of it. Microsoft tells the NSA about unpatched holes in Windows and other Microsoft software, which is the equivalent of giving the NSA back door access.

As we noted some weeks ago, evidence shows that Microsoft doesn't care about security and it is evidently the same with Apple. They both sat on known flaws that were critical for longer than 3 months, refusing to patch them. Both proprietary software companies, which together command the lion’s share of laptop and desktop operating systems, simply refused to close back doors and only decided to do something at the very belated end because the public finally knew about them (Google let is be known).

“Both proprietary software companies, which together command the lion’s share of laptop and desktop operating systems, simply refused to close back doors and only decided to do something at the very belated end because the public finally knew about them (Google let is be known).”Dan Goodin, who typically spends his ‘journalism’ career bashing Free software over security, has finally decided to shift some focus and write about a massive Windows flaw. It’s a major one, no doubt; But no name, no “branding”…

In Goodin’s own words:

Microsoft just patched a 15-year-old bug that in some cases allows attackers to take complete control of PCs running all supported versions of Windows. The critical vulnerability will remain unpatched in Windows Server 2003, leaving that version wide open for the remaining five months Microsoft pledged to continue supporting it.

The flaw, which took Microsoft more than 12 months to fix, affects all users who connect to business, corporate, or government networks using the Active Directory service. The database is built into Windows and acts as a combination traffic cop and security guard, granting specific privileges to authorized users and mapping where on a local network various resources are available. The bug—which Microsoft classifies as MS15-011 and the researcher who first reported it calls Jasbug—allows attackers who are in a position to monitor traffic passing between the user and the Active Directory network to launch a man-in-the-middle exploit that executes malicious code on vulnerable machines.

The significant part is in the second paragraph above (“took Microsoft more than 12 months to fix”). We can interpret that as saying that the hole, which NSA used for over a year for back door access (because Mirosoft told the NSA about it), is finally being acknowledged to the public. Therein lies the ‘magic’ of proprietary software. Is the NSA now ‘done’ cracking all the world’s networks that have Windows in them? Is it now ‘safe’ to finally close this back door?

Microsoft Windows is an utter joke when it comes to security, as Microsoft’s own actions serve to show. Back doors surely look like the goal, not an error. Windows was recently used to crack Sony years after the NSA had cracked North Korea’s network. Those who knowingly used an operating system with back doors can’t blame anyone other than themselves and perhaps Microsoft/NSA. Misplaced blame these days typically names China, Russia, or North Korea.

Remember that Microsoft leaves security holes open/in fact anyway, no matter if versions of Windows are supported or not (upgrades are neither simple nor free). As Goodin’s former employer puts it:

What happens six months from now, on 14 July? That’s the date Microsoft issues its last security fix ever for Window Server 2003 – the end of extended support from the server operating system’s maker.

The article states that many servers will basically be left with permanent back doors. Many of them contain customers’ (or patients’) data.

As Robert Pogson put it, “Server 2003, which is due to go without support this summer won’t be fixed for a recent Patch Tuesday revelation of a vulnerability built-in by design a decade ago and impossible to fix without breaking everything…”

He concludes correctly: “Maybe it’s time people switched to GNU/Linux, an operating system not designed by salesmen. It’s not perfect but at least the bugs are fixable.”

Yes, even bugs with special names, logos, and “branding” — those that the corporate media loves to hype up.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New


  1. IRC Proceedings: Saturday, September 25, 2021

    IRC logs for Saturday, September 25, 2021



  2. Links 25/9/2021: GNU/Linux Recognition in Mainstream Media and Wine-Staging 6.18

    Links for the day



  3. Reminder: GNU Turns 38 This Monday Around Midday (When GNU's Founder Gives Talk in Poland)

    With media and Torvalds speaking again about anniversaries (this has gone on for the past week because Torvalds wrote about it yet again), it is important to recall the announcement that got the ball rolling and basically started it all (the GNU/Linux operating system) because it was in 1983, not 1991. We reproduce in full the announcement.



  4. Links 25/9/2021: Wine 6.18 and Chromium Complier Woes

    Links for the day



  5. [Meme] When the EPO Watches Everything ('Dissidents', Media, Etc.) and Isn't Being Watched by Anybody

    The EPO is taking Europe for a wild ride; Everything is a vehicle for the very same agenda, with nobody left to hold it accountable or ask any tough questions… (even the media is in the EPO’s back pocket or back seat)



  6. Virtual Oversight

    “eMeetings” that simulate an impression of oversight are like ‘ViCo’ to simulate access to justice; will that ever change and will oversight be restored at EPOnia, Europe’s second-largest institution?



  7. The Corporate Coup Against the Soul of the Free Software Community Is Not Over

    The erosion of community role in the development of GNU/Linux is a growing problem; part of the problem is that large corporations target technical and philosophical (perceived) leaders in coordinated smear campaigns, led by media they own



  8. IRC Proceedings: Friday, September 24, 2021

    IRC logs for Friday, September 24, 2021



  9. Links 24/9/2021: GNU Coreutils 9.0, BattlEye GNU/Linux Support

    Links for the day



  10. [Meme] 'Linux' Foundation is Greenwashing Microsoft Again, Misusing the Linux Brand Like Nobody's Business

    Microsoft has weaponised the Linux brand to dub a toxic company like itself (helping notoriously polluting companies and generating lots of waste, both directly and through planned obsolescence, inefficient software, DRM, etc.) as "green"



  11. Richard Stallman to Speak (in Person) in Poland, Dedicate the Talk to Medical Professionals

    Days after his talk in Ukraine Richard Stallman plans to do the same in Poland (just announced)



  12. Links 24/9/2021: 30 Years of Europe’s First Root Name Server, Repairability of Laptops Discussed

    Links for the day



  13. ZDNet Has Failed

    ZDNet is on the decline and its demise appears to have greatly accelerated in recent months; we take a quick look at this month's coverage and explain the conflict of interest (it's PR, not news, and it's far too shallow/blatant to simply overlook)



  14. [Meme] Some People Are Just Above the Law

    A lot of people are still flabbergasted or at least baffled/miffed to discover that some people are in effect above the law; not even Europol and Interpol can apprehend and hold them accountable; that needs to change. Had Benoît Battistelli worked for France Télécom S.A. (not the EPO), would he be arrested? What about António Campinos and his drunk son?



  15. NPR and PBS, Both Funded by Bill Gates, Try to Save Him

    Bill Gates continues to corrupt the media and corrupt social control media (such as Twitter) using his money



  16. The EPO Must Forsake Its Diplomatic Immunity and Quit Pretending It's About Patent Law (or Any Law)

    There's no sign of the EPO actually trying to obey the law and correct the mistakes of the past; to make matters worse, the existing administration adds yet more corruption to an already-massive pile while dismissing any form of oversight



  17. IRC Proceedings: Thursday, September 23, 2021

    IRC logs for Thursday, September 23, 2021



  18. Links 24/9/2021: Ubuntu 21.10 Beta, Istio 1.11.3, and More Milestones for Steam Deck

    Links for the day



  19. [Meme] President Campinos Addresses the Legacy of Battistelli's “Strike Regulations”

    A sequence of four EPO memes about those infamous and unlawful “strike regulations” that Benoît Battistelli and António Campinos have exploited to abuse thousands of workers



  20. [Meme] Bill Gates Keeps Digging Himself Deeper in the Grave Each Time He Speaks

    These sorts of ‘interviews’ with Gates’ own propaganda mills (he also pays Twitter now) aren’t going to improve his image; people aren’t infinitely gullible (Source)



  21. Linux Foundation and Other 'Diploma Mills' Say There's Demand for Their Products in Their New 'Research' (Marketing)

    The so-called ‘Linux’ Foundation (LF), together with edX, are basically marketing their services and products, but this is disguised as 'research' (a false narrative widely parroted by shallow and paid-for media partners of theirs), piggybacking brands like “Linux” and buzzwords like “Open Source” (even when they promote proprietary things, e.g. memorisation of proprietary GUIs)



  22. [Meme] The EPO's Carte Blanche and 'Diplomatic Immunity' Card

    EPO staff is being taken for another ride by António Campinos and his cohorts, whose popularity among staff has likely gone down to sub-zero levels already (even faster than Benoît Battistelli)



  23. As Expected, Minimal Pseudo Compliance From EPO Management, Adding Insult to Injury

    SUEPO Central, the core of the staff union of EPO staff (almost 7,000 workers at the EPO, most of whom are SUEPO members), has strong words about the EPO's attitude and stance, which is perhaps unsurprising but still extremely disappointing



  24. Links 23/9/2021: PostgreSQL 14 RC 1 and MidnightBSD 2.1

    Links for the day



  25. Links 23/9/2021: More UPC PR Stunts and IBM (Poettering) TPM for Linux

    Links for the day



  26. The EPO is on the Run (Escaping Negative Press Coverage)

    Aside from tens of millions of euros granted to media and academia (to keep them complicit or silent about EPO corruption, which also implicates the EU) there’s also SLAPP and threats against staff representatives; but Members of the European Parliament are becoming interested in what’s really going on in Europe’s second-largest institution, so this utter waste of EPO money (manipulating the press and gaming universities’ research) might in itself become a scandal sooner or later



  27. [Meme] Lowering the Standards...

    It's time for another round of fluff at the EPO, this time without even travelling (PR-over-'ViCo')



  28. Gemini HTTP/HTML/Web Proxies and Self-Hosting Your Own Proxy

    Gemini protocol (gemini://) and the fast-growing Geminispace (expected to exceed 2,000 known capsules by year’s end, in effect quadrupling in a single year!) are possible to access using Web browsers, at least for those who do not have Gemini clients/browsers just yet; today we examine and give an outline of the options



  29. IRC Proceedings: Wednesday, September 22, 2021

    IRC logs for Wednesday, September 22, 2021



  30. Links 23/9/2021: GNU Parallel 20210922, Moroccan Propaganda From EPO

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts