Eye on Microsoft: Emergency, Botnets, and No Remedy

Dr. Roy Schestowitz

2009-07-26 08:50:30 UTC
Modified: 2009-07-26 08:50:30 UTC

Summary: Self-explanatory news about Microsoft and security

● Microsoft to issue emergency patches next week

Microsoft plans to issue two emergency patches next week that fix vulnerabilities in the Internet Explorer browser and Visual Studio developer suite that allow attackers to remotely execute malware.

● Software Crackdown

Cyber attacks seem to be getting more sophisticated by the hour. A few weeks ago malware known as Zero Day was found to have exploited a vulnerability in Microsoft's Windows operating system that could allow online criminals to take control of a computer from anywhere in the world without being detected. The operation involved what is known as "drive by" attacks, in which visitors to legitimate Web sites are redirected to a page that secretly downloads the malicious software.

● Microsoft admits it can't stop Office file format hacks

Microsoft's plan to "sandbox" Office documents in the next version of its application suite is an admission that the company can't keep hackers from exploiting file format bugs, a security analyst said today.

Comments

David Gerard

2009-07-26 19:01:17

Of course it's the formats! That's why every format vulnerability in MS Office is also found in OpenOffice.org ... oh wait, no they aren't. Gosh, it couldn't be crappy programming, or not validating untrusted input, or anything like that? I must be a zealot to think it.

Roy Schestowitz

2009-07-26 19:28:25

Yes, given more time I would have said something about the format issues.

Forget about malicious programs. When we have binary formats we also deal with malicious file formats and files that become malicious when merely interpreted, not executed.

David Gerard

2009-07-26 20:33:59

The real problem is that:

(a) in the '90s, Microsoft made a lot of their file formats dumps of C structs, for performance reasons;

(b) when this became incredibly hazardous with the Internet, and computers were powerful enough to check for malicious input ... they just kept on using the old code.

Then their master stroke of putting a complete programming language inside Office, thus inventing the macro virus.

Then their other master stroke of programs that execute any random instructions they happen to find in EMAIL MESSAGES.

INNOVATION!

Recent Techrights' Posts

Video: University in Peru Honours Richard Stallman: Tomorrow, January 20, Richard Stallman speaks in France
January 20: Richard Stallman Talk in Europe: evening time in Europe, around midday in the United States and Canada
FOSDEM is Called "FOSDEM" Because of Richard Stallman (RMS): The overlap there seems timely; yesterday RMS spoke in French-speaking (in part) Switzerland where questions in French were accepted
Links 19/01/2025: TikTok (Fentanylware) Now Banned in the US, Convicted Felon Talks to Fentanylware CEO and Pooh-Tin About Undoing the Ban Despite the Supreme Court Unanimously Upholding It: Links for the day
FTC Realises Microsoft Buying Fake 'Clients' to Fake "Revenue" (Microsoft 'Buying' Services and Products From Itself!): Ponzi scheme
Total Lock-down Ambitions - Part III - The Web Browser as DRM Pusher: A lot of "streaming" stuff is DRM
IBM Termination Story and Information From Microsoft About Mass Layoffs: In 2 weeks of 2025 Microsoft already had 2 waves of layoffs
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, January 18, 2025: IRC logs for Saturday, January 18, 2025
Links 18/01/2025: Restoring the Great Wall of China and Economic Expansion in China: Links for the day
Guardian Digital (linuxsecurity.com) is Spamming the Web With Microsoft's Promotional LLM Slop About UEFI 'Secure' Boot (Which is Against Real Security): This is an attack on honest journalism
Links 18/01/2025: TikTok's Endgame, "Car Freedom", and Spying in Cars 'Fines' GM (Settlement): Links for the day
Links 18/01/2025: Apple Getting Out of Hey Hi (AI) Slop (Too Much Misinformation), Chaffbots/Chatbots Try to Settle Copyright Infringement Lawsuits: Links for the day
What Fake News Sites Are Doing to GNU/Linux: The LLM slop about Linux serves two purposes
Links 18/01/2025: Microsofters Upset at Microsoft's Ridiculous Rebrands (Excuse for Massive Price Hikes), Chaffbot Company ('Open'AI) Faces More Lawsuits: Links for the day
Gemini Links 18/01/2025: Surge in Illnesses, ctags, and Gemsync: Links for the day
Slopwatch: Too Lazy to Write Real Articles, Offloading to Chatbots Instead (LLM Slop About "Linux"): The Web was already full of garbage before the LLM frenzy. Now it's even worse.
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, January 17, 2025: IRC logs for Friday, January 17, 2025
RMS 'Inauguration' in Montpellier (Government Administration) on January 20th: Happy hacking
Even Technical Articles and HowTos From UNIXMen Nowadays Seem to be LLM Slop: We've just permanently removed the RSS feed of UNIXMen
The FSF's 2024 End-of-Year Fundraiser Succeeds: Over $400k to Support Software Freedom: That's worth bringing up again because the SFC is trying to 'crash' this achievement of the FSF
[Meme] Fentanylware (TikTok) Banned in the United States, Next Up European Union (EU): And the United Kingdom (UK)
President Biden is Right, "Free Press is Crumbling" and the United States Exports Its Media-Hostile Culture to Other Continents: perhaps Biden should pay closer attention to how Donald Trump-inspired Americans take their battles to other continents
Links 17/01/2025: TikTok Banned by the United Stated (SCOTUS Rejects Appeal): Links for the day
Software Freedom Conservancy Inc (SFC) Makes It Obvious It's Just a Copycat Trying to Exploit or Leech Off the FSF's (and GNU's) Work: They swim next to the rich people (who "match")
Links 17/01/2025: Fentanylware (TikTok) Herds Its (Drug) Users Into Even More Harmful "Apps": Links for the day
Guardian Digital, Inc (linuxsecurity.com) Uses Microsoft-Controlled Front Groups and LLM Slop in Order to Spread Microsoft-Directed Anti-Linux FUD: Microsoft garbage likely produced by Microsoft LLMs, spewing out Microsoft FUD
Likely Fake 'Article' About Linux Mint 22.1: BetaNews fired up its plagiarism machine (LLM)
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, January 16, 2025: IRC logs for Thursday, January 16, 2025