Bonum Certa Men Certa

Eye on Microsoft: This Week's Security Hall of Shame

Summary: Microsoft security news from the past few days

Microsoft patches huge Windows 7 RC bug (that's not a bug, it's just release candidate by Microsoft's standards)

Just days after it launched Windows 7 Release Candidate (RC), Microsoft has released a fix for a major flaw that slipped through testing.

[...]

"The folder that is created as the root folder of the system drive (%SystemDrive%) is missing entries in its security descriptor," Microsoft acknowledged in the support article. "One effect of this problem is that standard users such as non-administrators cannot perform all operations to subfolders that are created directly under the root. Therefore, applications that reference folders under the root may not install successfully or may not uninstall successfully. Additionally, operations or applications that reference these folders may fail."


Pirates on Board the M.S. MoneyTanker!

Microsoft needs to be regulated, forced, coerced, sued and hammered on until they start up a substantial anti-botnet, anti-piracy effort that goes on the offensive against infected systems running their software.

[...]

Personally I'm tired of Microsoft's passive stance on allowing their customer's computers to be used as Internet versions of Typhoid Mary. They need to be held to account. There are lemon laws for bad cars. Doctors get sued for mal-practice. The EULA only protects Microsoft. Its about time that there was a balance between users as a class or an economic force and Microsoft.

Scare the hell out of the stockholders with a $25 billion fine and maybe Microsoft will move to tighten up OS install security.

Crackers who get caught and prosecuted are fined for their activity. So why can't Microsoft be fined for their apparent malpractice or indifference in really locking down security around their operating system image?


Please Join me in welcoming memcpy() to the SDL Rogues Gallery

Because we have seen many security vulnerabilities in products from Microsoft and many others, including ISVs and competitors, and because we have a viable replacement, I am “proud” to announce that we intend to add memcpy() will to the SDL C and C++ banned API list later this year as we make further revisions to the SDL. Right now, memcpy() is on the SDL Recommended banned list, but will soon be added to the SDL banned API requirement list now that we have more feedback from Microsoft product groups.


Organised crime cops seek international hacking powers

British law enforcement agents are quietly working with European counterparts on changes to national legislation that will allow them to share intelligence gained by hacking into suspects' PCs.

Sharon Lemon, director of the Serious and Organised Crime Agency's (SOCA) e-crime unit, told The Register data laws in some EU countries make it impossible for investigators to obtain and pool data covertly.


Malware infested MPs' PCs inflate leak risk

"That's one of those irregular verbs, isn't it? I give confidential security briefings. You leak. He has been charged under section 2a of the Official Secrets Act." (Bernard Woolley, Yes Minister)

The ongoing MPs' expenses row has brought public opinion of politics and politicians in the UK, never very high, towards unplumbed depths.

Embarrassing disclosures about how politicians across the political spectrum subsidised their living expense from the public purse follow hard on the heels of leaked emails regarding a proposed New Labour smear campaign against senior Tories, cobbled together by spin doctors Derek Draper and Brown aide Damian McBride in the style of In the Loop's Malcolm Tucker.


Hackers 'destroy' flight sim site

Flight simulator site Avsim has been "destroyed" by malicious hackers.

The site, which launched in 1996, covered all aspects of flight simulation, although its main focus was on Microsoft's Flight Simulator.


Microsoft update closes fourteen vulnerabilities in PowerPoint (14 "critical")

Although, as announced, Microsoft is distributing only a single update (MS09-017), it's a biggie that closes fourteen security vulnerabilities in PowerPoint 2000, 2002, 2003 and 2007, and in PowerPoint Viewer 2003 and 2007.


IIS 6 + Webdav auth bypass and data upload (more here)

In other words Microsoft, certainly through the late addition of Unicode support to IIS, failed to realise that converting chars to unicode representation should happen before any "security" checks. So the flaw was one of logic, Unicode convertion after the security check.


Conficker Worm Infects Hospital MRI Machines

The Conficker worm has found its way into nearly 300 MRI machines and other hospital equipment that’s connected to the Internet, say security experts who are monitoring the massive computer worm. Security workers at the Internet Storm Center, tracked Conficker to an MRI machine in a hospital when the machine’s computer connected to the worm’s command and control center for instructions.


Recent Techrights' Posts

Who Imitates Who? Plagiarist as Client (From Microsoft), 'Plagiarism' at the Law Firm?
let's revisit the subject
Links 10/06/2025: Jaws at 50 and US Democracy Crushed Very Rapidly (Martial Law Seems Imminent)
Links for the day
Abuse Inside the Polish Patent Office (UPRP) - Part VII: Washing Their Hands After Corruption and Abuse
"Tragedy or comedy?"
Culling Bad RSS Feeds of Bad Sites
Not throwing out the baby with the bathwater
 
IBM's CEO Roasted, Sizzled and Grilled for Dumb and Inconsistent Vapourware Promises
It looks like being a chronic liar is what it takes to lead the company once synonymous with computing
IBM's Goal Is Not (and Never Was) Computer Users' Freedom
More than 1.5 decades ago I found IBM to be an "ally of convenience" because of OpenDocument Format (ODF)
Wayland Shows the IBM/Red Hat Way of Doing Things
IBM is trying to 'kill' X
GitHub is Proprietary, Controlled by Microsoft, and GPL Violation Warehouse
"IRS tax filing software [will be] released to the people as free software" ... In general this is good news
Slopfarm Catastrophe
Seems like BetaNews (or BetaNoise) has just suffered a major data loss and restored the site from a week-old backup
Abuse Inside the Polish Patent Office (UPRP) - Part VIII: Illegal Working Conditions
How many people need to die for these people to get their massive salaries?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, June 10, 2025
IRC logs for Tuesday, June 10, 2025
Links 10/06/2025: Apple Hype and Physical Attacks on Bloggers
Links for the day
Gemini Links 10/06/2025: Loon Lake, Farming, and Forth
Links for the day
If 'Microsoft v Techrights' is Dealt With by a 'Microsoft Court' (or a Court Outsourced to Microsoft)
More on that later
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, June 09, 2025
IRC logs for Monday, June 09, 2025
Gemini Protocol Turns Six in 10 Days From Now
If you haven't tried it yet, then give it a go today
Live as You Preach
technology is fast becoming dysphoric
Gemini Links 09/06/2025: Addition Addiction and Nitride
Links for the day
Links 09/06/2025: Science, Hardware Projects, and Democracy Receding
Links for the day
Computers Got Smaller, So GNU/Linux Got Bigger
Many people here recognise the lack of urgency (or need) to get expensive new laptops
BetaNews is a Plagiarism and LLM Slop Hub, the Chief Editor Isn't Addressing This Problem Anymore
SS Fagioli is basically a parasite leeching off or exploiting other people's work
Links 09/06/2025: Chaos in Los Angeles and Hurricane Season
Links for the day
GNU/Linux Grows at Windows' Expense and Microsoft Trolls Infest and Maliciously Target Articles About It
Microsoft is - and has long been - organised crime
They Say I'm Mr. Bombastic
They didn't take good lawyers
Links 09/06/2025: Windows TCO and Many Data Breaches
Links for the day
Abuse Inside the Polish Patent Office (UPRP) - Part VI: Political Stunts by Former President Edyta Demby-Siwek and the Connection to Profound Corruption at EUIPO
it's like a money-laundering operation where one politician rewards another at taxpayers' expense
Gemini Links 09/06/2025: Pipelines and Splitgate
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, June 08, 2025
IRC logs for Sunday, June 08, 2025