EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

02.11.15

Microsoft Back Door in Windows (All Versions) Intentionally Left Open For Over a Year, Existed for 15 Years

Posted in Microsoft, Security, Servers at 9:38 am by Dr. Roy Schestowitz

Summary: It has become more obvious that Windows back doors are there by design (or knowingly left there by intention) even after Snowden’s NSA leaks

THERE ARE SOME corporate media reports about Microsoft patches, but few realise the significance of it. Microsoft tells the NSA about unpatched holes in Windows and other Microsoft software, which is the equivalent of giving the NSA back door access.

As we noted some weeks ago, evidence shows that Microsoft doesn't care about security and it is evidently the same with Apple. They both sat on known flaws that were critical for longer than 3 months, refusing to patch them. Both proprietary software companies, which together command the lion’s share of laptop and desktop operating systems, simply refused to close back doors and only decided to do something at the very belated end because the public finally knew about them (Google let is be known).

“Both proprietary software companies, which together command the lion’s share of laptop and desktop operating systems, simply refused to close back doors and only decided to do something at the very belated end because the public finally knew about them (Google let is be known).”Dan Goodin, who typically spends his ‘journalism’ career bashing Free software over security, has finally decided to shift some focus and write about a massive Windows flaw. It’s a major one, no doubt; But no name, no “branding”…

In Goodin’s own words:

Microsoft just patched a 15-year-old bug that in some cases allows attackers to take complete control of PCs running all supported versions of Windows. The critical vulnerability will remain unpatched in Windows Server 2003, leaving that version wide open for the remaining five months Microsoft pledged to continue supporting it.

The flaw, which took Microsoft more than 12 months to fix, affects all users who connect to business, corporate, or government networks using the Active Directory service. The database is built into Windows and acts as a combination traffic cop and security guard, granting specific privileges to authorized users and mapping where on a local network various resources are available. The bug—which Microsoft classifies as MS15-011 and the researcher who first reported it calls Jasbug—allows attackers who are in a position to monitor traffic passing between the user and the Active Directory network to launch a man-in-the-middle exploit that executes malicious code on vulnerable machines.

The significant part is in the second paragraph above (“took Microsoft more than 12 months to fix”). We can interpret that as saying that the hole, which NSA used for over a year for back door access (because Mirosoft told the NSA about it), is finally being acknowledged to the public. Therein lies the ‘magic’ of proprietary software. Is the NSA now ‘done’ cracking all the world’s networks that have Windows in them? Is it now ‘safe’ to finally close this back door?

Microsoft Windows is an utter joke when it comes to security, as Microsoft’s own actions serve to show. Back doors surely look like the goal, not an error. Windows was recently used to crack Sony years after the NSA had cracked North Korea’s network. Those who knowingly used an operating system with back doors can’t blame anyone other than themselves and perhaps Microsoft/NSA. Misplaced blame these days typically names China, Russia, or North Korea.

Remember that Microsoft leaves security holes open/in fact anyway, no matter if versions of Windows are supported or not (upgrades are neither simple nor free). As Goodin’s former employer puts it:

What happens six months from now, on 14 July? That’s the date Microsoft issues its last security fix ever for Window Server 2003 – the end of extended support from the server operating system’s maker.

The article states that many servers will basically be left with permanent back doors. Many of them contain customers’ (or patients’) data.

As Robert Pogson put it, “Server 2003, which is due to go without support this summer won’t be fixed for a recent Patch Tuesday revelation of a vulnerability built-in by design a decade ago and impossible to fix without breaking everything…”

He concludes correctly: “Maybe it’s time people switched to GNU/Linux, an operating system not designed by salesmen. It’s not perfect but at least the bugs are fixable.”

Yes, even bugs with special names, logos, and “branding” — those that the corporate media loves to hype up.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 25/6/2019: Mesa Releases, Less Microsoft in Apache

    Links for the day



  2. The European Patent Office Remains a Crooked Patent Office That Harms Staff and Abolishes the Rule of Law

    The EPO remains a sordid mess, but those who follow mainstream media might not know anything about it because it's not covered anywhere in 2019



  3. USPTO and EPO Faking Growth by Granting Patents on Everything in Nature, But Campaigners Strike Back

    The patent microcosm is eating the world; everything under the Sun must be patented, they insist, even life itself (so they can 'pirate' the Commons and then charge us a tax for 'access' or 'license' to it)



  4. IBM Happy That Patent Quality at EPO Collapsed and It's Easy to Get Software Patents

    The EPO keeps granting illegal European Patents and the media almost never mentions this illegality because it's in too amicable a relationship (typically financial) with the EPO



  5. The Linux Foundation's Staff Uses Windows and Microsoft. Now the Foundation Outsources the Coding and Hosting, Too (to Microsoft of Course).

    The disturbing turns of the self-described "Linux" Foundation, which seems to be promoting proprietary software and even Microsoft rather than Linux and Free/Open Source software while the role or capacity of Torvalds is being gradually diminished



  6. Links 25/6/2019: Raspberry Pi 4, Ubuntu's Change of Mind, Wayland’s Weston 6.0.1

    Links for the day



  7. Patent Extremism: Stacking the Panels, the Surveys, the Hearings, the Debates

    Projection tactics would have the public believe that those who oppose corruption are simply radicals; patent polarity has come to the point where if one isn't a "true believer" in blackmail (patent trolls) or opposes bribery, then one is simply a "fringe" and akin to terrorists



  8. Links 24/6/2019: Linux 5.2 RC6, Skrooge 2.20.0, ZFS vs. OpenZFS

    Links for the day



  9. The EPO Needs a President Who Obeys the Law, Not One Who Obeys Battistelli

    Succession based on nepotism at Europe's second-largest institution served to shown how inherently broken things had become and why cover-up of injustices is nowadays paramount (not fixing the flaws/ills but merely perpetuating them)



  10. With Water (Treatment) Already Patented It Won't Take Long for Patents (and Patent Royalties) on Air

    A 'paper economy' is what Europe turns into if the current trajectory is followed (led by lawyers, not producers)



  11. Bill Gates Said He Was on a “Jihad” Against GNU/Linux, But GNU/Linux Users/Developers Engaged in Self-Defense Are Foul-Mouthed 'Microsoft Haters'?

    Microsoft, which routinely commits very serious crimes, tries to come across as some sort of philanthropy whereas those who share their work with the public (for greater good) are described as erratic, rude and unworthy of respect from corporations (outcasts basically, deprived of income source)



  12. What Patents the EPO Has Just Awarded (With a Special Reward), Not Just Granted

    The EPO's practice of elevating some patents over the other patents (European Patents) is perhaps more of a societal liability than the EPO cares to realise



  13. Required Reading: Mental State of Team Battistelli/Campinos

    On the heels of yesterday's article about Team Battistelli/Campinos, here are some recommended/required papers on the problem which likely plagues the Office



  14. Links 23/6/2019: Wine 4.11, FreeBSD 11.3 RC2

    Links for the day



  15. Microsoft Apparently Did a Patrick Durusau on Wim Coekaerts to Broaden Its Control Over GNU/Linux

    Microsoft tactics for defection and takeover of the competition (without coming across as hostile) aren't new tactics; internal documents from Microsoft explain how to achieve this



  16. EPO Directors Would be Wise to Rebel Against Team Campinos While They Still Have the Job

    As the EPO continues its bold journey towards dictatorship (where presidencies are passed between friends and ‘circles’ are former colleagues or close confidants) Techrights urges those who have power to speak out — e.g. EPO judges and Directors — to do something before it’s too late



  17. American Front Group Open Invention Network (Riding the Linux Brand) is a Proponent of Software Patents in Europe

    The impact of American multinationals in Europe is difficult to deny; in fact, we're observing the same old lobbying/lobbies still working hard albeit more covertly (typically using front groups)



  18. Say 'Hey Hi' to Software Patents

    Using the “AI” (“HEY HI”) hype the ‘community’ of patent maximalists hopes that every little (and possibly very old) algorithm will suddenly sound amazing and innovative — to the point where it becomes unthinkable to deny a patent monopoly on it



  19. A Personal Note From Ted MacReilly (How Microsoft Works Against GNU/Linux)

    A tongue-in-cheek write-up highlighting the ways Microsoft insiders think and how they strategise against GNU/Linux and Free/libre software



  20. The Linux Foundation's New Vice Chair, Wim Coekaerts, Worked for Microsoft

    The Linux Foundation is boosting the Microsoft boosters and calls that "community"



  21. Links 21/6/2019: GNOME 3.33.3, 32-Bit Support Further Neglected, DragonFlyBSD 5.6.1 Released

    Links for the day



  22. Leaked: Harassment of EPO Directors by Team Campinos

    “New BIT organisation and staff changes,” a novel kind of newspeak, means that Directors are being severely punished without due process at all (“hidden disciplinary measure without disciplinary proceedings”)



  23. Patent Professionals in Europe Have Devolved Into a Marketing Industry

    Lies, buzzwords and hype waves is all that the patent bubble in Europe boils down to these days; loads of bogus patents get granted only for European judges to smack these down (if one can afford the court battle)



  24. Almost Six Months After Iancu Said He Would Make Software Patents Great Again Nothing Has Actually Changed

    We're just a fortnight away from the ludicrous plan of Iancu celebrating 6 months (without accomplishing anything)



  25. Links 20/6/2019: Kubernetes 1.15, Alpine 3.10.0 and Librem 5 June Software Update

    Links for the day



  26. Ignore the EPO's Dumb Festival and Focus on the Abuses Against the Workforce and Its Quality of Work

    Don’t lose sight of the appalling behaviour of the management of the EPO; the last thing it wants is press coverage about its gross abuses and corruption — an aspect it spent literally millions of euros to bury (gaming the news cycle)



  27. Microsoft Attempting to Destroy the Careers of Its Critics, Including Free Software Proponents

    Microsoft isn't changing and has not changed; the tactics described above are still being used, even by its "Open Source" (or "Open at Microsoft") people, who did this to me



  28. Links 19/6/2019: Linux Mint Vs Vista 10, Qt 5.13 Released

    Links for the day



  29. The Linux Foundation's Business Model

    The Linux Foundation's plan, illustrated



  30. Links 18/6/2019: i386 Abandoned by Canonical and a New osquery 'Community'

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts