Eye on Microsoft: Emergency, Botnets, and No Remedy

Dr. Roy Schestowitz

2009-07-26 08:50:30 UTC
Modified: 2009-07-26 08:50:30 UTC

Summary: Self-explanatory news about Microsoft and security

● Microsoft to issue emergency patches next week

Microsoft plans to issue two emergency patches next week that fix vulnerabilities in the Internet Explorer browser and Visual Studio developer suite that allow attackers to remotely execute malware.

● Software Crackdown

Cyber attacks seem to be getting more sophisticated by the hour. A few weeks ago malware known as Zero Day was found to have exploited a vulnerability in Microsoft's Windows operating system that could allow online criminals to take control of a computer from anywhere in the world without being detected. The operation involved what is known as "drive by" attacks, in which visitors to legitimate Web sites are redirected to a page that secretly downloads the malicious software.

● Microsoft admits it can't stop Office file format hacks

Microsoft's plan to "sandbox" Office documents in the next version of its application suite is an admission that the company can't keep hackers from exploiting file format bugs, a security analyst said today.

Comments

David Gerard

2009-07-26 19:01:17

Of course it's the formats! That's why every format vulnerability in MS Office is also found in OpenOffice.org ... oh wait, no they aren't. Gosh, it couldn't be crappy programming, or not validating untrusted input, or anything like that? I must be a zealot to think it.

Roy Schestowitz

2009-07-26 19:28:25

Yes, given more time I would have said something about the format issues.

Forget about malicious programs. When we have binary formats we also deal with malicious file formats and files that become malicious when merely interpreted, not executed.

David Gerard

2009-07-26 20:33:59

The real problem is that:

(a) in the '90s, Microsoft made a lot of their file formats dumps of C structs, for performance reasons;

(b) when this became incredibly hazardous with the Internet, and computers were powerful enough to check for malicious input ... they just kept on using the old code.

Then their master stroke of putting a complete programming language inside Office, thus inventing the macro virus.

Then their other master stroke of programs that execute any random instructions they happen to find in EMAIL MESSAGES.

INNOVATION!

Recent Techrights' Posts

SLAPP Censorship - Part 115 Out of 200: Spending the Next Decade Writing About SLAPPs and Trying to Fix the System: It's the same industry that got paid by corrupt EPO officials to try to cover up the corruption
Links 23/06/2026: Apple Price Hikes and Technical Debt in Slop: Links for the day
After IBM's Shares Collapsed the CEO is Trying the "Quantum" Trick Again, Bolstered by a Demented Dictator in the White House: from what we can gather IBM's CEO is trying to get the US government to participate in the scam
Greece Ought to Curb the Threat of Social Control Media: its national discourse seems to be run by an American company called Facebook
State of the GNU/Linux Desktop (and Laptop): The time to advocate GNU/Linux is now
The 'XBox Narrative' Distracts From Destructive Cuts Across the Whole of Microsoft: Microsoft is preparing to lay off a likely record-breaking number of people [...] this isn't just an XBox problem
Microsoft's Stock Fell Nearly $200, But the Real Problems Are Just About to Begin: if they dump slop, what will they tell shareholders?
The Cyber Show on Starmer and Software Freedom: The Cyber Show's Andy has just explained why our departing national leader wasn't all bad
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, June 22, 2026: IRC logs for Monday, June 22, 2026
Gemini Links 23/06/2026: Girlrotting, Homeworlds at BGA, Slop Ruins Sites: Links for the day
A Lifetime of Whistleblowing: Ellsberg did not have an easy life, but it was a rewarding life with a rich legacy focusing on justice
European Patent Office (EPO) Series: A Man With Many Missions...: Campinos – accompanied by Gilles Requena and Patrice Pellegrino
Links 22/06/2026: Ubisoft Co-founder Dies, Americans Have Turned Against Slop: Links for the day
Links 22/06/2026: "The Sycophancy Machine" and "Port 22 Open for 54 Days": Links for the day
When People Who Make the Most Money Are the Best "Boot Lickers" (Sucking Up to Jeffrey Epstein's Circle and the Dictator): Sucking up to rich people may pay off
The Aim is Not Fame: Reposted from schestowitz.com
"Internally Important, Externally Irrelevant": IBM in a Nutshell: Right now its debt spins out of control and its stock spirals down the drain
SLAPP Censorship - Part 114 Out of 200: Thousands of Long Articles to Come, Properly Covering the SLAPP Industry in the UK and Its Modus Operandi: "Stowell described SLAPPs as ‘a stain on our legal system’."
Finding a Way to Get Paid to Improve LibreJS: So now we have more people resurrecting LibreJS and improving it
Microsoft Can't Even Wait Until July, Shutdowns and Layoffs Already Happening: Mashable speak of "a grim picture for the state of Xbox."
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, June 21, 2026: IRC logs for Sunday, June 21, 2026
Gemini Links 22/06/2026: Appreciating Simple Things, Perfect Summer Evening, IRIX, Vim and so: Links for the day
Chad's Move to GNU/Linux or the Point of Exceeding 5% "Market Share": experienced centuries of being colonised
Gemini Links 21/06/2026: Dating Oaks, Paying With Cash, and "More on Withered Technology": Links for the day
GAFAM is Drowning in Debt, GAFAM is Clearly Not Sustainable Anymore (It Runs on Borrowed Money and Bailouts): The war and surrender in Iran will deepen the debt; we'll see the GAFAM reports in late July
GAFAM Was Never an Ally to Europe: Only 1 in 10 Europeans see US as an ally — study [...] military providers in "tech" clothing cannot be trusted
GitHub, LinkedIn, and XBox Will Finish Like Skype (Sustainability Crisis): Skype should become a verb. When Microsoft 'Skypes' something it means it basically shuts it down with some temporal excuse/s.
Drowning in Garbage: AUR Shows That Too Much Low-Quality Software (Including Slop) is Bad for Everybody: What happened in AUR had happened elsewhere before and will happen again in the future
Links 21/06/2026: EU on Patented (Monopolised) Crops, Microsoft Software "Narcs on You to Your Boss": Links for the day
Microsoft at 50 Follows the General Trajectory of Skype: How many years does Microsoft have left before payroll becomes impossible?
A Year After a Microsofter Took Over The Register MS It is Effectively a Content Farm With News as a 'Side Dish': This is not journalism, this is spam
IBM Pays the Media and Cons Some 'Journalists' Into Participating in "Quantum" Spam: "The Boy Who Cried Wolf"
You Don't Need an 'App' for Your Birdhouse (Slopfondlers Come for Birds): That they sell those things as "AI" really says a lot about how dishonest slopfondlers really are
SLAPP Censorship - Part 113 Out of 200: The United Kingdom is Not Turkey: Turkey is ranked almost worst in the Western World for press freedom
Cybersecurity Does Not Mean Asking Microsoft for Permission to Boot: There were very good and timely reasons to speak about the matter, including impending antitrust complaints against Microsoft
Links 21/06/2026: Bots from Alibaba Do Harm and Many Xbox Games Are Being Cancelled: Links for the day
5 Years After Release of Vista 11 Not Even One in 5 People Use It (in the US): It doesn't look like Vista 11 will ever be adopted like prior versions and announcing a Vista 12 will mostly upset companies/organisations that only recently "upgraded" to 11
Gemini Links 21/06/2026: Boca Raton, Perfect Summer Day, and LLM Doing Things Poorly: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, June 20, 2026: IRC logs for Saturday, June 20, 2026