Bonum Certa Men Certa

Conficker is Alive, Windows Vista is Critically Vulnerable and Microsoft Office Likewise

Magaphone
Patchy Tuesdays always get you down



Summary: New evidence for the lingering pattern of vulnerability, arrogance, and lack of responsibility at Microsoft

Conficker has been a colossal PR problem for Microsoft and security headache to its customers. For the uninitiated, here are some previous posts that we wrote about Conficker:



Microsoft would rather pretend that Conficker is history, but it's far from history. In fact, new variants of it are now appearing and Symantec has issued warnings. For the latest details, see:

i. Conficker Worm Strikes Back With New Variant

The Conficker/Downadup worm managed to slither onto millions of PCs worldwide at its height, but after it initially infected a computer it only really acted to spread itself, and didn't cause further harm. Until now.

Symantec reports today that it has found a new variant of the virulent worm that will identify antivirus software or security analysis tools running on the infected PC, and attempt to shut down those programs. This is a strong signal that the worm's mysterious creators haven't abandoned their creation in the face of worldwide attention, as some in the industry have theorized, but may still have plans to make a buck off their work.


ii. Conficker gets upgraded with defenses

Researchers at Symantec have discovered what could be a significant development in the ongoing Conficker worm saga: a new module that is being pushed out to some infected systems.

In a couple of ways, the new component is designed to harden infected machines against an industry consortium that is actively trying to contain the prolific worm. For one, the update targets antivirus software and security analysis tools to prevent them from removing the malware. Not only does it try to disable anti-malware titles, it also goes after programs such as Wireshark and regmon.


It gets worse. The illusion that Windows Vista can be secured is long dead, so no update or upgrade can redeem the user from becoming a zombie (even Vista 7 is open to hijackers [1, 2, 3], long before release). It's the same old routine now that Windows Vista is discovered to be suffering from another "critical" flaw (or set thereof) which has not been patched yet.

March's Patch Tuesday will see yet another critical fix for Microsoft's flagship operating systems.


Users of Microsoft Office will be left vulnerable for at least another month:

Vole said that it will not be fixing a critical Excel vulnerability, which allows attackers to launch malicious code remotely on users' computers via an infected Excel spreadsheet file.


From IDG:

Microsoft Corp. today said it will deliver three security updates on Tuesday, one of them ranked as "critical," but will not fix an Excel flaw that attackers are now exploiting.

All three updates spelled out in today's notice will tackle vulnerabilities in Windows, but as is its practice, Microsoft did not drill any deeper than to specify which versions will be affected.


As usual, Microsoft is hiding the real scale and the real number of vulnerabilities. InformationWeek wrote about this also.

"Our products just aren't engineered for security."

--Brian Valentine, top Windows executive



"It is no exaggeration to say that the national security is also implicated by the efforts of hackers to break into computing networks. Computers, including many running Windows operating systems, are used throughout the United States Department of Defense and by the armed forces of the United States in Afghanistan and elsewhere."

--Jim Allchin, top Windows executive

Comments

Recent Techrights' Posts

Links 20/09/2024: European Commission on Microsoft Competition Abuses, More Revelations About Mass Layoffs at IBM and Microsoft
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, September 19, 2024
IRC logs for Thursday, September 19, 2024
Links 19/09/2024: UPC Illegal 'Court' and Microsoft LinkedIn Called Out for Data Misuse
Links for the day
Gemini Links 19/09/2024: Invidious Problems and Install Times
Links for the day
Links 19/09/2024: Scam ‘Funeral Streaming’ and More Microsoft TCO Tales
Links for the day
In Sweden, GNU/Linux Almost 20% of the Laptop/Desktop Market, Firefox Falls to 2%
In the US, once a browser falls below 2%, many critical sites can legally ignore it (or its users' needs) altogether
When Microsoft Pays a Lot of Money to Reddit, 'Linux' Foundation, and Countless Other Entities
As does Google
A CoC Will Destroy Your Free Software Community and Help Imposers of CoC (Like Microsoft)
Abusers like to disguise censorship (of their abuse) as "manners" or good "conduct"
IBM Likely Breaking Several Laws With Latest 'Secret' Mass Layoffs
Never sign an NDA
Gemini Links 19/09/2024: Emacs Wiki and China, IRC Chatting
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, September 18, 2024
IRC logs for Wednesday, September 18, 2024
Links 18/09/2024: Web Server Survey Shows Microsoft Down Again, Omkhar Arasaratnam Leaves Microsoft-connected OpenSSF
Links for the day
Links 18/09/2024: Gaming Layoffs and New Openwashing by Linux Foundation
Links for the day
Gemini Links 18/09/2024: Home, Ashram, and Markdoc
Links for the day
Morale at Microsoft Sinking, More Layoffs Expected, Stock Buybacks Blasted
controversial because they should really be illegal
[Meme] Think. Positive. Saturate the Media.
IBM: Layoffs? What layoffs?
The Kubecost Acquisition Does Not Show IBM is Rich, It Shows It Wants to Distract From Mass Layoffs Happening This Week (Thousands Laid Off in the Dark)
So-called "news deserts" have become a national and international phenomenon (not local/regional)
IBM Has Been Lobbying for Software Patents, It's Not the Free Software Community's Ally
The ancient company has been lobbying for these patents for decades already
Over Half a Day Later the Media Still Doesn't Cover Thousands of Layoffs at IBM
Not even a single news site bothered to investigate and report this? Not even one?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, September 17, 2024
IRC logs for Tuesday, September 17, 2024