Summary: Another massive patch Tuesday is due, but Microsoft customers are still left vulnerable

ACCORDING to a flood of reports, Microsoft claims to have just patched 23 vulnerabilities (the real number is a lot bigger and always a mystery). Quite a few of them are "critical".

It's a busy month for Windows administrators, as Microsoft has released eight security bulletins addressing more than 20 vulnerabilities. Five of the bulletins are rated 'critical'.

But here is the important bit:

Missing from the list is relief for a zero-day vulnerability in PowerPoint, actively targeted by hackers since last month.

This most likely means that for at least another month, all Microsoft Office users will be left exposed to attacks which have already begun, with Microsoft confirming this. Later on, people wonder why Conficker is able to propagate quite so rapidly. Here is the latest report about Conficker.

People have been speculating, waiting and prognosticating, but until now the extremely cleverly programmed Conficker worm has limited itself to mainly defensive measures, such as opening various communications channels (Conficker.C can set up peer-to-peer networks with other infected systems) in order to transform itself with downloaded code, and to actively combating anti-virus software and security analysis tools. Even on 1 April, the known date on which Conficker.C would be looking for updates, virtually nothing happened. Now however, money is involved: computers infected with the Conficker worm are downloading the scareware program "SpywareProtect2009".

Despite the latest lie from a Microsoft executive (circulating in the press this week), Windows Vista is just as insecure as its predecessors.

With so many of the world's Windows PCs already enlisted to join a botnet, it is no wonder that -- even according to Microsoft's latest report -- 97% of E-mail is SPAM. We have already shown why this is Microsoft's fault, at least in part. The catastrophic damage is not just one of productivity; according to this new report, there is also a severe environmental cost.

That's what McAfee says in its "Carbon Footprint of Spam" report released Wednesday, which states climate-change researchers from the firm ICF and McAfee's security staff calculated that the amount of energy needed to transmit, process and filter spam globally is equal to 33 billion kilowatt-hours each year. They say that can also be expressed as the equivalent to the electricity used in 2.4 million homes annually or the same green-house gas emissions from 3.1 million passenger cars using 2 billion gallons of gas.

The Inquirer, as usual, sensationalised it a bit.

Spam is killing the planet

[...]

Apparently, dealing with spam burns 33 billion kilowatt hours (one KW is about what a single bar electric heater will use) every year, enough to power 2.4 million homes.

There may be simple solutions to this. ⬆