Bonum Certa Men Certa

The (Microsoft) Nightmare Before Christmas

No, not the film

THIS TYPE OF THING happens almost every year. It's another familiar 'emergency Christmas' that may lead to higher blood pressure.

Data in Microsoft Databases Under Threat



Just before the holiday, Microsoft decided to give people fewer reasons to rest well, having recently patched half a dozen critical flaws.

Desktop users running the Microsoft SQL Server 2000 Desktop Engine or SQL Server 2005 Express could be at risk in some circumstances, Microsoft said.


They have been negligent enough not to fix this in 8 months. Microsoft keeps known flaws to itself until it's too late and damage is being done.

Microsoft Corp. today confirmed that it has been working on a critical vulnerability in SQL Server for more than eight months, but declined to say whether it has had a patch ready since September, as an Austrian security researcher has alleged.


Another emergency patch (almost the third in a month [1, 2, 3]) is likely on its way. Microsoft Fanalysts [sic] are explaining the severity of this as well.

News Analysis. Microsoft has warned of a zero-day vulnerability affecting SQL Server. Do take Microsoft's security advisory seriously.

Remember SQL Server slammer, which struck nearly six years ago? IT administrators were lucky the worm spread a month after Christmas. The new SQL Server vulnerability could bring coal to your Christmas stocking, if left untended.


Scareware and Fakes



There are other new attacks that piggyback on Microsoft.com.

Miscreants are exploiting weaknesses in more than one million webpages operated by the federal government, media companies, and even Microsoft to trick unwitting visitors into installing harmful software that takes over their computers.


More here:

Fake Antivirus Peddlers Helped by Microsoft, IRS



Just weeks after the U.S. Federal Trade Commission shut down two companies accused of selling fake antivirus software, a new player has moved into the market, aided by glitches in the Microsoft and U.S. Internal Revenue Service Web sites.


As always, there are fake greeting cards too, whose harm is only Windows compatible (where "clicking" translates to "executing", frequently with full system privileges).

A new worm has emerged that could be much worse than the notorious Storm worm, which ruled the botnet world for nearly two years.


Zombies on the Cloud



We wrote extensively about the threat of zombie PCs. Botnets seem to have recruited almost one in two Windows PCs although most nodes in this network remain unused, so the seriousness remains mostly uncovered -- for now. 98% of the Windows PCs out there are potentially ripe for hijacking, according to Secunia, so it's down to the mercy -- or wrath -- of botmasters.

This has serious ramifications when it comes to security and the United States too can be crushed by botnets, according to this new simulated attack.

US cybersecurity defences fail to thwart mock cyberattack



The basic scenario involved exercises in electronic disruption accompanying a national emergency, a sequence of events played out in Estonia last year and more recently in Georgia. Defenders drew on established defence procedures but these turned out to be inadequate, for reasons not explained in any detail by participants.


Speaking of security, problems may also be introduced by Microsoft's so-called 'cloud' (Azure), which we remarked on in [1, 2, 3, 4].

Amitabh: Microsoft provides a computing infrastructure on which developers can build applications. It is the responsibility of the developer to ensure that their applications, content and services comply with applicable laws and do not engage in malicious conduct. For more information refer to http://www.microsoft.com/azure/termswindowsazure.mspx


Looking at that URL:

# Indemnification.

[...]

You agree to indemnify, pay the defense costs of, and hold Microsoft and its successors, officers, directors and employees harmless from and against any and all claims, demands, costs, liabilities, judgments, losses, expenses and damages (including attorneys' fees)

[...]

# Modifying the Terms.

[...]

Microsoft may at its sole discretion modify this agreement at any time. You can access the most current version of the agreement via the link


That's not so reassuring. For similar reasons, we constantly warn about Microsoft's so-called "open source" licences. Microsoft totally controls the way they evolve.

International database

Comments

Recent Techrights' Posts

Links 25/12/2024: Windows TCO Brought to SSH, Terence Eden 'Retires'
Links for the day
Gemini Links 25/12/2024: Reality Bites and Gopher Thanks
Links for the day
Links 25/12/2024: Latest Report Front Microsoft Splinter Group, War Updates
Links for the day
Links 25/12/2024: Hong Kong Attacks Activists During Holidays, Xerox to Buy Lexmark
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, December 24, 2024
IRC logs for Tuesday, December 24, 2024
Gemini Links 25/12/2024: Open Source Social and No Search
Links for the day
Brittany Day Connects Windows Ransomware to "Linux" Using Microsoft LLMs (FUD Galore, Zero Effort, No Accountability)
FUD and misinformation made by Microsoft LLMs again?
Links 24/12/2024: Labour Strikes and TikTok Scrambling to Prop Up Radical Politicians That Would Protect TikTok
Links for the day
Where the Population is Controlled by Skinnerboxes Inside People's Pockets (or Purses)
A very small fraction of mobile users practise or exercise freedom/control over the skinnerbox
[Meme] Coin-Operated Publishers (Gaming the Message, Buying the Narrative)
Advertise (sponsor) to 'play'
Advertisers and Their Covert Impact on Publications' Output (or Writers' Topics of Choice, as Assigned or Approved by Editors)
It cannot be trivially denied that sponsorship in the form of "advertising" impacts where publishers go (or don't go, won't go)
Terrible Year for Microsoft Windows in Cyprus
down from 86% to 72% since January
[Meme] How to Kill Unions (Staff on Shoestring Budget Cannot Afford Lawyers)
What next for the EPO? "Gig economy"?
The EPO's Staff Union (SUEPO) Takes Legal Action to Rectify the Decrease in Wages (Lessening of Purchasing Power)
here is what the union published
Gemini Links 24/12/2024: Deedum Gemini Client Gets Colour Support, Advent of Code 2024
Links for the day
Microsoft Windows Slides to New Lows in Colombia
Now Windows is at an all-time low
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, December 23, 2024
IRC logs for Monday, December 23, 2024
A Strong and Positive Closing for the Year's Last Week
In a lot of ways this year was a good one for Free software
Feels Too Warm for Christmas
Christmas is here, no snow in sight
Links 23/12/2024: 'Negative Time' and US Arms Taiwan Again
Links for the day
Links 23/12/2024: The Book of Uncommon Beings, Squirrels, and Slop Ruining Workplaces
Links for the day
Links 23/12/2024: North Korean Death Toll in Russia at ~1,100, Oligarch Who Illegally Migrated/Stayed (Musk) Shuts Down US Government
Links for the day
The World's 'Richest Country' Chooses GNU/Linux
This has gone on for quite some time
Richard Stallman on Love
Richard Stallman's personal website includes a section that lists three essays on the subject of love
Apple's LLM Slop Told Us Luigi Mangione Had Shot Himself, BetaNews Used LLMs to Talk About a Dead Linus Torvalds
They can blame it on some bot
Microsoft, Give Me LLM Slop About "Linux" and "Santa", I Need Some Fake Article...
BetaNews is basically an LLM slop site
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, December 22, 2024
IRC logs for Sunday, December 22, 2024