Nothing New Under the Microsoft

Dr. Roy Schestowitz

2008-12-11 11:28:36 UTC
Modified: 2008-12-11 11:28:36 UTC

Cracker

Microsoft's handling of security is a cyclic routine that goes like this:

Many flaws get reported, accumulated, and then mostly ignored
Attacks on the unpatched flaws begin, so Microsoft 'kindly' bothers to work on patches in a rush
Patch Tuesday arrives and Microsoft delivers a slew of patches (occasionally delivering nothing critical for bragging rights in the press, only to deliver a massive number of critical patches the following month, i.e. deferral)
Patches arrive too late, after many servers and desktop have already been hijacked
A number of zero-day flaws emerge, some of which exploiting vulnerabilities Microsoft has been aware of for a long time
Patches turn out to be dysfunctional and consequently many computers are left out of services
Microsoft reworks the patches and then delivers a patch to the broken patches
Repeat (1)

This month was no exception. Microsoft delivered half a dozen "critical" patches (usually meaning that the vulnerability they patch enables crackers to seize full control of a to-be-compromised machine).

Appended below are reports from the past couple of days alone. The lies need to end because everyone suffers. ⬆

____ [1] Another Microsoft Bug Revealed on Huge Patch Day

Along with its biggest patch release in five years, Microsoft warned on Tuesday of another potentially dangerous vulnerability in its software.

The problem lies within the WordPad Text Converter for Word 97 files, Microsoft said in an advisory.

The systems affected include Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Microsoft said. XP Service Pack 3 and the Vista operating systems are not affected.

[2] Two new zero-day exploits dent Microsoft's Patch Tuesday

Microsoft's Patch Day delivered eight updates, but has been overshadowed by newly discovered zero day holes, which are apparently not closed by the new updates.

[3] New Web Attack Exploits Unpatched IE Flaw

As Microsoft readies its latest set of security updates, online attackers have begun exploiting a new flaw in the company's Internet Explorer (IE) browser.

[4] Third Zero Day exploit appears

Microsoft has confirmed it is investigating another zero day exploit.

[5] Security vulnerability found in MS SQL Server 2000

SEC Consult say Microsoft has been aware of the problem since April this year. Despite the promise of a patch by September, a release date for the patch remains uncertain.

Comments

pcolon

2008-12-11 11:47:33

MS can spin this to increase their server footprint without having to embrace Apache by claiming "MS has the real "A-Patchy" servers .
Richard Mclaughlin

2008-12-11 22:41:13

actually, it's more like this. Patches are released. smart people and IT departments install them. average joe blow doesn't. Hacker looks at the hole the patch fixed and attacks the hole. systems go down because people didn't upgrade when the patch came out.

Having run call centers for 15+ years, I know this to be a fact.
Roy Schestowitz

2008-12-11 22:53:48

How many of those "smart people" actually get 'burned' for installing bad patches? Quality counts too.

The lateness of some patches is another issue that is raised above. As the new references show, Windows is already vulnerable again and no patches will have arrived until next month.

EPO Union Leaders in Rijswijk Explain Where EPO Strikes Stand and How to Prepare for Next Week's: We have some revelations to share in a few days
Microsoft's "AI CEO" (Slop Propagandist) is Projecting, Many Microsoft "Jobs to be Replaced With All-Indian Low-Paid Staff in 12 Months": Windows is perishing
The Few Slopfarms We Saw Today: The sentiment has changed a lot
Links 19/02/2026: Protecting Framework Laptop 13, Hardware Drive Shortages: Links for the day
In Africa's Second-Largest Nation, Democratic Republic of the Congo (DRC), Opera 10 Times Bigger Than Firefox (and GNU/Linux Now at 5%): This will become an accessibility problem
Links 19/02/2026: "A.I.pocalypse" Inevitable and "Butlers to LLMs": Links for the day
An Inherently Royal (Monarchs') Legal System Where Size Matters (Big Capital Eats the Small): This reinforces the notion that justice is only for those who can afford it
These Statistics Should Keep Microsoft Shareholders Awake at Night: Windows is, in general (all versions collectively), declining over time
Economic Failure and Other Harsh Realities Have Nothing to Do With Slop 'Innovation': Advanced propaganda, not advanced 'AI' [...] They attack workers while insulting their intelligence
Spaniards Shutting Down MElon's Digital Weapon of "Smart Mobs": Are the Spanish people already acting based on gut feeling and shunning/shutting out the provocation vector?
Bitcoin: government engagement contradictions: Reprinted with permission from Daniel Pocock
Richard Stallman in the United States - Part II - "Haters Gonna Hate": we shall carry on with this series at the right pace
Typical! Solicitors Regulation Authority (SRA) Tells Victims of Fraud to Wait 10 Weeks: justice delayed is justice denied
statCounter: Only One in 350 Iranians Would Use Microsoft for Web Search: Microsoft is trying to fake "demand"
Slides Shown a Week Ago by the EPO's Staff Committee Ahead of the Second Very Large Strike: This coming weekend we'll drop a 'bombshell' of sorts
EPO "Cocaine Communication Manager" - Part II - Illegal Drug Addicts Mobbing the Wrong People, This Will Definitely Backfire: This year may well be the last year of Team Campinos. Nobody will hire them after that.
Mass Layoffs (But Silent Layoffs) Still Happening in IBM, You Need Only Look Closely (There Are NDAs, PIPs, 'Early Retirement' Sweeteners and IBM - Like Microsoft - Skirts the WARN Act): the layoffs are definitely happening
Very Little Slop: We are not finding much slop anymore
Links 19/02/2026: Illegal Kangaroo Court for Patents Attracts Aggressive Firms, Public Domain Review Grows: Links for the day
Gemini Links 19/02/2026: Taxing the Rich, Raspberry Pi 4 Tinkering: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, February 18, 2026: IRC logs for Wednesday, February 18, 2026
Links 18/02/2026: DMCA Weakened, Anna’s Archive Still Thriving: Links for the day
Links 18/02/2026: Gig 'Economy' Condemned, Microsoft Insulting/Stressing People With False Slop Predictions: Links for the day
Twitter Falling to 1% in Africa's Largest Nation (Algeria): About 15 years ago the regime in Egypt got toppled (and others had been too) partly because of social control media such as Twitter
"How Many Friends Do You Have?": "Do bots count?" "Friends in Facebook?" "Does a girlfriend chatbot count as a friend?"
Solicitors Regulation Authority (SRA) Responds to Crises Only After It's Way Too Late: The SRA does not do its job. The new chief's job is face-saving PR in the media.
The Techrights Team Makes the Platform Faster: The infrastructure is already fast
Mozilla Firefox Died in Afghanistan: Mozilla has been a complete disaster
Gemini Links 18/02/2026: Astronomy and Texinfo: Links for the day
Are IBM CEO and IBM CFO Ready for Financial Audit That Topples the Shares by 50% in One Day?: The same "chefs" that cooked up Kyndryl Holdings Inc are still in charge of the IBM kitchen
France Does Not Need Digital Weapons Disguised as Social and as Media: French people lost interest in Social Control 'Media' (or Networks)
"Senior AI Reporter" at Slop Technica/Ars Sloppica Has Written Nothing in Nearly a Week, Did Conde Nast Suspend Him for Fake Articles With Fake Quotes?: Slop Technica/Ars Sloppica is having a serious credibility issue right now
Linux Foundation Puts Slop Images, Not Just Slop Text, in Linux.com: More of the same then
The Register MS Paid-for 'Articles' (Ads) Seem to be LLM Slop Again: If it's true that The Register MS is resorting to these marketing tactics, will they later delete the evidence (as they did months ago)?
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, February 17, 2026: IRC logs for Tuesday, February 17, 2026
Microsoft Had Mass Layoffs Every Month Last Year, This Year It's Delaying a Lot to "Prove" Rumours That Crashed Its Stock... 'Wrong': Building a bigger snowball for later
Red Hat Is Not a Company Anymore, Amid Bluewashing and Mass Layoffs It's Merely IBM "Division" or "Brand" or "Product": systemd at this point is sort of like IBM/Microsoft thing
IBM suffers "worst weekly drop in six years", Microsoft's MSN calls it "buying opportunity": Ask Cramer what to do
Still Some Slopfarms in View, Sometimes Targetting "Linux": That's a total of at least 4 in Google News today, coming from 3 sources
Gemini Links 17/02/2026: 3D-Printed Stainless Steel Smartwatch and Gopher Bay Offline: Links for the day
Links 17/02/2026: Machine Rage and Microsoft Kills XBox Social Clubs: Links for the day
EPO "Productivity" Will Fall Off a Cliff If Examiners Stick to the European Patent Convention (EPC) and Follow the Real Rules: The EPO's "Cocaine Communication Manager" would hate to see the next "productivity" metrics
The Problem is Not Technology, the Problem is Really Bad Things Sold or Imposed as "Tech" (Like a Religion Built Around Technology): Don't hate technology, hate the corporations that abuse it to promote coercion, exploitation etc.
Resisting IBM and EPO Corruption: Rise up against EPO dictatorship next week
Where Slop Meets Ghostwriting: It's a False Analogy: It's a false analogy
Links 17/02/2026: Why OpenClaw is Very Sleazy and Ars Technica Exposed as Hub of LLM Slop (Credibility Destroyed Overnight): Links for the day
Benj Edwards (Ars Technica) Used Fake Articles to Promote Ponzi Scheme for Conde Nast and Its Client (Marketing): What Ars Technica and Conde Nast do here helps defraud the general public
Slop Technica: Ars Technica Seems Like Repeat Offender, a Part-Time Slopfarm: The culprits are repeat offenders, but the publisher will never admit this in public
Only One in 50 Saudis Would Use Microsoft for Search, Almost Same as Would Use Russia's Yandex: If statCounter is to be trusted
Microsoft's "AI" Concerns Are All Indian (or Low-Paid Workers Who Work Extra Hours Unpaid): portraying charlatans and frauds like they're some kind of visionaries and luminaries
Microsoft Turned Bing Into Censorship Machine of China, But Bing Is Pegged at a Mere 2% in Asia, Yandex is Bigger: Expect many Bing layoffs some time soon (like in past years)
Just Like The Register MS, Conde Nast's Ars Technica Has Just Publicly Admitted That It Published Fake Articles (Slop) Made by LLMs About Serious Subjects: Conde Nast might shut Ars Technica down to escape the bad publicity/association
Solicitors Regulation Authority (SRA) Way Too Slow to Respond to Financial Fraud at Law Firms, in Effect Helping Those Law Firms Defraud Many More People (Fleecing Clients): Who will hold the SRA accountable for this?
Techrights Became a Hub for News That IBM/Red Hat Doesn't Want You to See (and Pays Mainstream Media to Distract From): the more viciously the notorious organisation attacks the reporter, the greater the interest in what the reporter has to say
EPO's Central Staff Committee on Fourth Technical Meeting, Two Days Before First of (At Least) 4 Winter Strikes at the Second-Largest European Institution: “future orientations on the salary adjustment procedure”
IBM's Collapse Continues, Half of EU Countries to Have Mass Layoffs, "IBM Clearly Disinvests From Europe" Says IBM European Works Council: Recent publication
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, February 16, 2026: IRC logs for Monday, February 16, 2026
Gemini Links 17/02/2026: Alpenglow Industries' Closure and Gemini Server Issues: Links for the day

Nothing New Under the Microsoft

Comments

Recent Techrights' Posts