Bonum Certa Men Certa

Eye on Microsoft: This Week's Security Hall of Shame

Summary: Microsoft security news from the past few days

Microsoft patches huge Windows 7 RC bug (that's not a bug, it's just release candidate by Microsoft's standards)

Just days after it launched Windows 7 Release Candidate (RC), Microsoft has released a fix for a major flaw that slipped through testing.

[...]

"The folder that is created as the root folder of the system drive (%SystemDrive%) is missing entries in its security descriptor," Microsoft acknowledged in the support article. "One effect of this problem is that standard users such as non-administrators cannot perform all operations to subfolders that are created directly under the root. Therefore, applications that reference folders under the root may not install successfully or may not uninstall successfully. Additionally, operations or applications that reference these folders may fail."


Pirates on Board the M.S. MoneyTanker!

Microsoft needs to be regulated, forced, coerced, sued and hammered on until they start up a substantial anti-botnet, anti-piracy effort that goes on the offensive against infected systems running their software.

[...]

Personally I'm tired of Microsoft's passive stance on allowing their customer's computers to be used as Internet versions of Typhoid Mary. They need to be held to account. There are lemon laws for bad cars. Doctors get sued for mal-practice. The EULA only protects Microsoft. Its about time that there was a balance between users as a class or an economic force and Microsoft.

Scare the hell out of the stockholders with a $25 billion fine and maybe Microsoft will move to tighten up OS install security.

Crackers who get caught and prosecuted are fined for their activity. So why can't Microsoft be fined for their apparent malpractice or indifference in really locking down security around their operating system image?


Please Join me in welcoming memcpy() to the SDL Rogues Gallery

Because we have seen many security vulnerabilities in products from Microsoft and many others, including ISVs and competitors, and because we have a viable replacement, I am “proud” to announce that we intend to add memcpy() will to the SDL C and C++ banned API list later this year as we make further revisions to the SDL. Right now, memcpy() is on the SDL Recommended banned list, but will soon be added to the SDL banned API requirement list now that we have more feedback from Microsoft product groups.


Organised crime cops seek international hacking powers

British law enforcement agents are quietly working with European counterparts on changes to national legislation that will allow them to share intelligence gained by hacking into suspects' PCs.

Sharon Lemon, director of the Serious and Organised Crime Agency's (SOCA) e-crime unit, told The Register data laws in some EU countries make it impossible for investigators to obtain and pool data covertly.


Malware infested MPs' PCs inflate leak risk

"That's one of those irregular verbs, isn't it? I give confidential security briefings. You leak. He has been charged under section 2a of the Official Secrets Act." (Bernard Woolley, Yes Minister)

The ongoing MPs' expenses row has brought public opinion of politics and politicians in the UK, never very high, towards unplumbed depths.

Embarrassing disclosures about how politicians across the political spectrum subsidised their living expense from the public purse follow hard on the heels of leaked emails regarding a proposed New Labour smear campaign against senior Tories, cobbled together by spin doctors Derek Draper and Brown aide Damian McBride in the style of In the Loop's Malcolm Tucker.


Hackers 'destroy' flight sim site

Flight simulator site Avsim has been "destroyed" by malicious hackers.

The site, which launched in 1996, covered all aspects of flight simulation, although its main focus was on Microsoft's Flight Simulator.


Microsoft update closes fourteen vulnerabilities in PowerPoint (14 "critical")

Although, as announced, Microsoft is distributing only a single update (MS09-017), it's a biggie that closes fourteen security vulnerabilities in PowerPoint 2000, 2002, 2003 and 2007, and in PowerPoint Viewer 2003 and 2007.


IIS 6 + Webdav auth bypass and data upload (more here)

In other words Microsoft, certainly through the late addition of Unicode support to IIS, failed to realise that converting chars to unicode representation should happen before any "security" checks. So the flaw was one of logic, Unicode convertion after the security check.


Conficker Worm Infects Hospital MRI Machines

The Conficker worm has found its way into nearly 300 MRI machines and other hospital equipment that’s connected to the Internet, say security experts who are monitoring the massive computer worm. Security workers at the Internet Storm Center, tracked Conficker to an MRI machine in a hospital when the machine’s computer connected to the worm’s command and control center for instructions.


Recent Techrights' Posts

NVIDIA Corp Lost 36% of Its "Value" Since Cheeto Inauguration, But "Gen Hey Hi" (GenAI) is Totally Not a Bubble
Selling loads of unneeded hardware based on hysterical hype; like selling shovels during a Gold Rush
 
The State of EPO Staff's Health in Rijswijk or The Hague
We're going to cover the EPO some more later in the month
GNU/Linux Growing in East Asia, Windows by Default No More?
GNU/Linux is now on the shelf
Slopwatch: Anti-Linux 'Articles' From Linux-Hostile LLMs
It is almost always negative things and nobody can be held responsible for it except the charlatans prompting the LLMs
Links 05/04/2025: Fentanylware (TikTok) "Sale Looks Highly Imminent" (US), Stock Market Drowning in Panic
Links for the day
Gemini Links 05/04/2025: Moving Plants, No to Smartwatches, RAID Hygiene
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, April 04, 2025
IRC logs for Friday, April 04, 2025
Techrights Has Dealt With More Potent SLAPPs Than Violent Microsofters Begging to Hide What They Did to Women
I became accustomed to SLAPPs
Links 04/04/2025: Fury in South Korea, Flight MH370 Remains Mystery
Links for the day
Gemini Links 04/04/2025: Anger and Raspberry Pi CM4
Links for the day
Links 04/04/2025: LLM Slop Bubble Bursting and Korea Music Copyright Association Bans Slop 'Music'
Links for the day
Traf-O-Data, the Company That Jeffrey Epstein's BFF (Bill Gates) (Co)Founded 53 Years and Went Out of Business Due to Heavy Losses
Who will die first, Bill or Microsoft?
Why Microsoft's Shares Sank Almost 20% in Recent Months (the Bubble is Imploding)
verified press reports from the past 24 hours
A Note on SimilarWeb
Or why SimilarWeb is meaningless for more than 99% of the sites on the Web
GNU/Linux Rises to Almost 5% in Algeria While Windows Sinks to All-Time Low
GNU/Linux grew tenfold
Where to Get More Gags
A valued reader recommended that to us
Links 04/04/2025: Tech Stock (Inc. GAFAM) Fall, Google Pretends to Do End-to-End Encrypted Emails (With Google in Control)
Links for the day
IBM Said to be Shutting Down Offices or Sites in the United States
the press can no longer avoid admitting that IBM moves many jobs to India
To Participate in Fedora Diversity You Must Use Proprietary Software
Not for the first time either
LLM Slop as Attack Vector on the Reputation of Linux
The attacks on Linux have escalated to information warfare
Yandex About to Be Three Times Bigger Than Microsoft (Bing) in Asia
That's about 60% of the world's population
Gemini Links 04/04/2025: Decoupling Updates, Elaho as Gemini Client
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, April 03, 2025
IRC logs for Thursday, April 03, 2025
Microsoft's Trouble in Africa and Asia
A new all-time high for GNU/Linux
Brett Wilson LLP Reported to the Solicitors Regulation Authority (SRA)
The saddest thing in all this is that law firms can maintain high standards shall they wish to
Links 03/04/2025: Tariff Pains and C.D.C. Cuts
Links for the day
StatCounter: Microsoft is Masking a Disaster, It's Way Behind DeepSeek Already and Interest in LLMs Has Waned
it turns out the money "raised" for "Open" "AI" may not even exist at all
Links 03/04/2025: SoftBank Money for Microsoft "Open" "AI" Probably Doesn't Even Exist, Wikimedia Foundation Blasts LLM Nuisance While Microsoft Admits Demand Has Shrunk
Links for the day
Gemini Links 03/04/2025: Patch Panel and Pictures
Links for the day
Islamic Republic of Iran: GNU/Linux at All-time High This Month, Windows Falls to 12%
Vista 10 is up this month despite being "end of life" (EoL) soon
Indonesia: All-Time Highs for GNU/Linux
What's noteworthy right now is the growth of GNU/Linux
statCounter Says GNU/Linux Usage is Up Again (Internationally)
some preliminary April data
Only on April 1st Can the Free Software Foundation Associate With Microsoft's Open Source Initiative (OSI)
We saw some pranks that day linking the FSF to Microsoft (e.g. "endorsing" Windows)
Confirmed in the Mainstream Media: A Lot of Microsoft "Workloads" Were Just LLM Slop (Helping to Fake Growth for Years, as Microsoft Had Paid "Open" "AI" to Become a "Client") and Demand is Rapidly Waning, Datacentres Canceled and/or Shut Down
Anything to facilitate further accounting fraud
Taiwan's Media Covers Closure of Microsoft's "AI" Lab, It's Time to Talk About the Gradual Death of Windows and Implosion of the "AI" Bubble
Earlier this week we showed that mostly Asian media had the 'nerve' to mention Microsoft silently shutting down its 'AI' lab
IBM Gets Rid of Kelly Chambliss as Mass Layoffs Reported in IBM Consulting, IBM Loses Key Contracts/Graft
IBM Consulting has been in disarray lately
More Gains for GNU/Linux, Based on Web Surveys
the Steam site shows rapid growth for "Linux" this month
Slopwatch: Anti-Linux Articles, Not Even Written by Humans
Why aren't Web sites more vocal about this problem?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, April 02, 2025
IRC logs for Wednesday, April 02, 2025
Links 03/04/2025: Apple Fined Over Secret Surveillance, "Elegant Writer For A More Civilized Age"
Links for the day