Bonum Certa Men Certa

Conficker is Alive, Windows Vista is Critically Vulnerable and Microsoft Office Likewise

Magaphone
Patchy Tuesdays always get you down



Summary: New evidence for the lingering pattern of vulnerability, arrogance, and lack of responsibility at Microsoft

Conficker has been a colossal PR problem for Microsoft and security headache to its customers. For the uninitiated, here are some previous posts that we wrote about Conficker:



Microsoft would rather pretend that Conficker is history, but it's far from history. In fact, new variants of it are now appearing and Symantec has issued warnings. For the latest details, see:

i. Conficker Worm Strikes Back With New Variant

The Conficker/Downadup worm managed to slither onto millions of PCs worldwide at its height, but after it initially infected a computer it only really acted to spread itself, and didn't cause further harm. Until now.

Symantec reports today that it has found a new variant of the virulent worm that will identify antivirus software or security analysis tools running on the infected PC, and attempt to shut down those programs. This is a strong signal that the worm's mysterious creators haven't abandoned their creation in the face of worldwide attention, as some in the industry have theorized, but may still have plans to make a buck off their work.


ii. Conficker gets upgraded with defenses

Researchers at Symantec have discovered what could be a significant development in the ongoing Conficker worm saga: a new module that is being pushed out to some infected systems.

In a couple of ways, the new component is designed to harden infected machines against an industry consortium that is actively trying to contain the prolific worm. For one, the update targets antivirus software and security analysis tools to prevent them from removing the malware. Not only does it try to disable anti-malware titles, it also goes after programs such as Wireshark and regmon.


It gets worse. The illusion that Windows Vista can be secured is long dead, so no update or upgrade can redeem the user from becoming a zombie (even Vista 7 is open to hijackers [1, 2, 3], long before release). It's the same old routine now that Windows Vista is discovered to be suffering from another "critical" flaw (or set thereof) which has not been patched yet.

March's Patch Tuesday will see yet another critical fix for Microsoft's flagship operating systems.


Users of Microsoft Office will be left vulnerable for at least another month:

Vole said that it will not be fixing a critical Excel vulnerability, which allows attackers to launch malicious code remotely on users' computers via an infected Excel spreadsheet file.


From IDG:

Microsoft Corp. today said it will deliver three security updates on Tuesday, one of them ranked as "critical," but will not fix an Excel flaw that attackers are now exploiting.

All three updates spelled out in today's notice will tackle vulnerabilities in Windows, but as is its practice, Microsoft did not drill any deeper than to specify which versions will be affected.


As usual, Microsoft is hiding the real scale and the real number of vulnerabilities. InformationWeek wrote about this also.

"Our products just aren't engineered for security."

--Brian Valentine, top Windows executive



"It is no exaggeration to say that the national security is also implicated by the efforts of hackers to break into computing networks. Computers, including many running Windows operating systems, are used throughout the United States Department of Defense and by the armed forces of the United States in Afghanistan and elsewhere."

--Jim Allchin, top Windows executive

Comments

Recent Techrights' Posts

Electronic Frontier Foundation Incorporated is Run by/for Corporations Now (Members' Money is Less Than a Quarter of the Money EFF Receives)
Facebook bribes
 
[Video] To Combat Efforts to Cancel or Kill the Career (and Reputation) of the People Who Made GNU/Linux We Must Rally the Community
nobody speaks better for projects and for licences than their own founders
The EFF Should Know Better, But It Is Promoting Mass Surveillance by Facebook (an Endorsement of Lies)
What is going on at the EFF?
Feedback Desired
Feedback can be sent by E-mail
A Message in Support of Richard Stallman, Condemning Those Who Misportray Him
message about Richard Stallman (RMS)
Links 09/12/2023: Many 'Open'AI Employees Strongly Dislike Microsoft, Many Impending Strikes
Links for the day
IRC Proceedings: Friday, December 08, 2023
IRC logs for Friday, December 08, 2023
Over at Tux Machines...
GNU/Linux news
Open Source Initiative (OSI) is Microsoft, It Presents Microsoft-Controlled Projects Like They're Everything That Exists in the World
They're not assessing the real data, they keep track only of projects foolish enough to choose slavery under Microsoft
Links 08/12/2023: Cyber Resilience Act in EU and Denmark Embracing 'Blasphemy Law'
Links for the day
Linus Torvalds Cannot Easily 'Offend' Companies Anymore, But Weeks Ago He Explained Why (Linux Support and Hardware Documentation Has Significantly Improved)
new clip
Links 08/12/2023: Tidal and Simplilearn Layoffs
Links for the day
IRC Proceedings: Thursday, December 07, 2023
IRC logs for Thursday, December 07, 2023
[Video] The Media Facilitates Microsoft's Abuse, Bribes, and Growing Threats to National Security
The failure of the media to properly and independently explain what's happening will continue to doom the media
[Video] The Next Ten Years of Techrights in a World With Changing Threats and Technological Landscapes (or Trends That Are Buzzwords/Cargo Cults)
The video of today talks about the site's (and capsule's plan) for the future
Wikipedia is Vandalism, Brought to You by Microsoft and Bill Gates
Reprinted with permission from Ryan Farmer
Lennart Poettering and Fellow Microsofters Turn GNU/Linux Into Windows, Expect Poor Reliability With systemd-bsod
turning Linux into Microsoft Windows
The Effort to Silence (Squash) GNU/Linux Advocates and Press Coverage
If nobody even mentions it anymore, does it still exist?
Links 07/12/2023: Climate Events Occupied by Their Enemy, Workers Going on Strike
Links for the day
IRC Proceedings: Wednesday, December 06, 2023
IRC logs for Wednesday, December 06, 2023
A Googlebombing Campaign Targeting "Gemini" Takes on E-mail, Too
Google can do Googlebombing too (the term is even named after it)
[Video] Microsoft Without a So-called 'Common Carrier' (Windows Monoculture)
Windows Has Fallen
Rumour: Major Finance Layoffs at Microsoft Next Week
If the rumour is true, we'll be hearing barely anything from the mainstream media next week
Links 07/12/2023: More EPO Patents Squashed, More Pfizer COVID-19 Vaccine "Glitches" Found
Links for the day
Still Not 'Canceled'
Ted Ts'o, Jan Kara, Linus Torvalds last month
Google is Googlebombing the Term "Gemini"
Could Google not pick a name that's already "taken"?