Bonum Certa Men Certa
Links 11/12/2008: New LF Technical Advisory Board; Cybersource for Free Software in Education | Rob Enderle Guarantees “Amazing Numbers”, Show E-mails to Microsoft

Nothing New Under the Microsoft

Cracker



Microsoft's handling of security is a cyclic routine that goes like this:

  1. Many flaws get reported, accumulated, and then mostly ignored
  2. Attacks on the unpatched flaws begin, so Microsoft 'kindly' bothers to work on patches in a rush
  3. Patch Tuesday arrives and Microsoft delivers a slew of patches (occasionally delivering nothing critical for bragging rights in the press, only to deliver a massive number of critical patches the following month, i.e. deferral)
  4. Patches arrive too late, after many servers and desktop have already been hijacked
  5. A number of zero-day flaws emerge, some of which exploiting vulnerabilities Microsoft has been aware of for a long time
  6. Patches turn out to be dysfunctional and consequently many computers are left out of services
  7. Microsoft reworks the patches and then delivers a patch to the broken patches
  8. Repeat (1)


This month was no exception. Microsoft delivered half a dozen "critical" patches (usually meaning that the vulnerability they patch enables crackers to seize full control of a to-be-compromised machine).

Appended below are reports from the past couple of days alone. The lies need to end because everyone suffers.

____ [1] Another Microsoft Bug Revealed on Huge Patch Day

Along with its biggest patch release in five years, Microsoft warned on Tuesday of another potentially dangerous vulnerability in its software.

The problem lies within the WordPad Text Converter for Word 97 files, Microsoft said in an advisory.

The systems affected include Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Microsoft said. XP Service Pack 3 and the Vista operating systems are not affected.


[2] Two new zero-day exploits dent Microsoft's Patch Tuesday

Microsoft's Patch Day delivered eight updates, but has been overshadowed by newly discovered zero day holes, which are apparently not closed by the new updates.


[3] New Web Attack Exploits Unpatched IE Flaw

As Microsoft readies its latest set of security updates, online attackers have begun exploiting a new flaw in the company's Internet Explorer (IE) browser.


[4] Third Zero Day exploit appears

Microsoft has confirmed it is investigating another zero day exploit.


[5] Security vulnerability found in MS SQL Server 2000

SEC Consult say Microsoft has been aware of the problem since April this year. Despite the promise of a patch by September, a release date for the patch remains uncertain.


Comments

Links 11/12/2008: New LF Technical Advisory Board; Cybersource for Free Software in Education | Rob Enderle Guarantees “Amazing Numbers”, Show E-mails to Microsoft

Recent Techrights' Posts

"Major [IBM] Reductions Will Take Place Soon in Rochester MN"
Maybe that's just the latest office gossip
 
Valve Can Bring More Users to GNU/Linux, But It Won't Bring Freedom
Steam is DRM
Social Control Media is Bots (Fake Traffic, Fake 'Engagement')
As per FORTUNE, 76% of Twitter is alleged to be bots now
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, December 22, 2025
IRC logs for Monday, December 22, 2025
Techrights as 'Regulator' Against Runaway Trains
"Runaway trains" never scared us because we know that they, unlike us, don't think rationally
How the Slop (So-called 'AI') Bubble Will Burst Next Year
There are already talks about mass layoffs in January
"Generative AI Bubble Has Begun to Pop", Nvidia Rides “Circular Financing... a Strategy That Hearkens Back to the Dot-com Crisis”
For companies like Microsoft this may mean another 30,000+ layoffs next year
Microsoft-Connected Media Talking About XBox Division "Profit Margins" is Distraction From XBox Sales Collapsing 70% in One Year
The simple fact is, Microsoft's console is dead in the water
The Reality is "Vibe Code" (Slop) is That It's Worthless
“Confidently Wrong”
British Web Developers Can Probably Ignore Firefox Users (Based on US Standards)
Mozilla has managed to piss off enough people
On the 'Digital Gulag' of 'Secure Boot' and Microsoft Disguising Its Attacks on Users as "Security"
Dr. Andy Farnell has this new article
Slopfarms Can Only Survive in Google News, Which is Still Promoting Them
Google News promoted only 3 slopfarms today
Gemini Links 22/12/2025: Films, Creativity vs. Consumption, Slop in YouTube
Links for the day
Microsoft XBox Losing Money, Layoffs and Studio Shutdowns (As Well as Price Hikes) Not the Solution
Microsoft does not quite talk about profits
Links 22/12/2025: Data Breaches, deterioration in Politics, and Geminispace
Links for the day
Links 22/12/2025: North Korean Applicants Target GAFAM (Amazon), ‘Orwellian Climate of Fear’ of CPC (Even Outside China)
Links for the day
More IBM Layoffs in India
It's not as simple as "laid off to be replaced by an Indian"
GAFAM Deeply Connected to Jeffrey Epstein, Richard Stallman (RMS) in No Way Connected to Jeffrey Epstein
people who hoarded all the capital get to decide what people think and say
Linus Torvalds Has a Birthday This Coming Weekend, Thankfully He Still Controls His Main Project
GNU and Linux should remain under their control as long as they live
Mozilla is Getting Attention for All the Wrong Reasons, Take a Look at LibreWolf
Just last week Mozilla added a new top-level manager who (as usual) came from a "tech giant"
When Conformism Means Capitulation and Defeat
In an age of injustices like these, we all have some kind of moral obligation not to be conformist.
Text is Still King
But the so-called 'industry' insists that we should download 10 MB of objects from multiple domains... even just to read 5-10 paragraphs of text
Links 22/12/2025: Facebook "Testing $14.99 Monthly Subscription Fee to Post Links" and "Middle East Petrostates as American Media Owners"
Links for the day
Beyond the World Wide Web (WWW)
We continue to treat Gemini Protocol as a first-class citizen
Serbia: GNU/Linux Rises, Windows Down to All-Time Lows
According to statCounter
"Wrestling With Pigs"
"Never wrestle with a pig. You both get dirty, and the pig likes it."
Productive Year and Better Access to Techrights' Archives Going Back to 2006
we've long needed and wanted native, local, independent search facilities
Linux Abandoned by Linux Foundation
It speaks for Microsoft and for so-called 'AI' companies
Microsoft Has Practically Given Up on XBox Already
Expect many XBox related layoffs when 2026 starts (Q1)
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, December 21, 2025
IRC logs for Sunday, December 21, 2025
"Today's [Red Hat] is run by a cabal of vultures."
it seems safe to assume Red Hat too will languish away
Microsoft Layoffs in 2026 Can be Bigger Than 2025 Microsoft Layoffs (30,000+ Workers Laid Off)
"Is there going to be any reorg or Microsoft layoffs?"
Gemini Links 21/12/2025: Solstice, Chaos of CSS, and Program Interpreter Fun
Links for the day
The Free Software Foundation (FSF) Represents People, Not Corporations
FSF isn't in the "business" of appeasing oligarchs
Why?
Why write articles?
Microsoft-Connected Publisher Spinning XBox's Death Spiral (It's Dying Fast) as a Strength and Something Deliberate
"Microsoft’s big gaming pivot"
Slop is Rare by Now
A year ago slop was so abundant that we did a whole series about it, and it was daily
Links 21/12/2025: U.S. Strikes in Syria, "Epstein Files Photos Disappear From Government Website"
Links for the day
Gemini Links 21/12/2025: Labrador Retriever of Lagrange's Developer Dies From Cancer, Political Philosophy, and "Getting to Inbox Zero"
Links for the day
IBM: We Can't Make 'AI' (Voice Recognition) Do the Work of a McDonald's Teenager, So Let's Try the Same on Saudi Planes
IBM is lost. It's truly lost.
Microsoft is Becoming Irrelevant: The Case of Georgia
Not Georgia Tech
Sirius Open Source is Now Imminently Dead (Struck Off)
compulsory strike-off
Dr. Richard Stallman, Invited by LibreTech Collective, is Giving a Public Talk in Georgia Tech Next Month (Scheller College of Business)
They can probably squeeze about 400 people into this room
25 Years of Activism for GNU/Linux
My passion for GNU/Linux brought a lot of contentment
Africa, Where Microsoft Used De Facto Slaves to Pretend to be "AI", Chatbots Usage is 0.2% of Measured Online Traffic
Judging by recent trends in Africa, many "Windows PCs" are being converted into GNU/Linux computers
New Drone Footage Shows IBM is Dead (Parts of It)
The people who participated in IBM when IBM actually mattered probably have boasting rights, unlike people who work for IBM today
Michael Larabel Adds Slop Category to Phoronix, Quickly Realises That It's Worthless
Phoronix nowadays gets carried away; it made a new category to talk about slop and it decided to call it "intelligence" with some caricature of a brain (that's misleading)Phoronix nowadays gets carried away; it made a new category to talk about slop and it decided to call it "intelligence" with some caricature of a brain (that's misleading)
After 35 Years the World Wide Web, HTML, and HTTP Are Proprietary
HTTP/2 added a lot of complexity (it's just a Google protocol, based on SPDY originally), many image formats are proprietary and patented, HTML got 'replaced' by Java-Scripts [sic], and many URLs (the URL system was created in the early 90s) are just long strings for proprietary 'webapps'
The General Public License (GPL) Inspired the Web's Original Openness/Freedom, According to Tim Berners-Lee
"During the preceding year I had been trying to get CERN to release the intellectual property rights to the Web code under the General Public License (GPL) so that others could use it."
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, December 20, 2025
IRC logs for Saturday, December 20, 2025